Application Security Engineer

Job Summary

We're seeking a talented and enthusiastic Application Security Engineer who will work with the development teams to ensure security is embedded in the overall Software Development Life Cycle (SDLC) process and technology risk are addressed at each phase.  You will serve as highest level technical architecture expert for software development / infrastructure teams at the program level and are expected to conduct security assessments and penetration testing. You will research and evaluate vulnerabilities, attack vectors, and associated risks to determine the impact to our application systems. 

Key Tasks & Responsibilities (Essential Functions)

• Conduct security assessments of web and mobile applications, APIs, and microservices.
• Proactively identify and mitigate against application security risks or incidents
• Perform application and source-code reviews, threat modeling and penetration tests to build application visibility
• Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
• Provide guidance and oversight into secure application coding practices conducted by other teams by acting as a mentor to software developers
• Provide security training to internal engineering, DevOps and infrastructure teams.
• Develop and implement the application security program in-line with industry best practices and compliance across all of Acuity Brands engineering teams.
• Raise awareness of application security requirements through development and review of application security standards, policies and secure SDLC processes
• Continuous learning and researching  security related trends and best practices.

Preferred Skills and Experience

• Bachelor's Degree in Computer Science (CS) or equivalent 
• 8+ years of experience in the security domain with working knowledge of Software Development and required knowledge of application testing
• Experience with static analysis tools (e.g., SNYK, BlackDuck, Checkmarx) and knowledge of OWASP tools and methodologies.
• Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, AppScan, BurpSuite)
• Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
• Programing background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
• Experience with Cloud Service Providers (Azure and/or AWS)
• Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable
• Communication skills to create documentation, videos and conduct training classes