    Winmill Software seeks bright, goal-oriented, professionals for full-time positions. Winmill offers a generous salary structure and a comprehensive benefits package (including medical/dental) to qualified applicants.

    Application Security Engineer


    Company: Winmill

    Location: Remote (Available on Eastern Standard Time)

    Job Description

    Winmill Software is actively seeking a full-time Application Security Engineer. The candidate will perform application security assessments using leading market tools, and be able to read, vet and triage results. The ideal candidate will have a background in application development and can work with developers to remediate vulnerabilities. The candidate must understand Secure DevOps and be able to design and build ALM architectures that support static scanning, dynamic scanning, risk correlation and remediation management. The candidate must be an enthusiastic problem solver with excellent communication skills, must be able to work independently and directly with clients, and must be committed to establishing and teaching best practices for Application Security and Secure DevOps.

    Job Responsibilities

    • Design and build secure development operations (Secure DevOps) architectures for clients as part of a continuous integration process.
    • Perform static and dynamic application vulnerability assessments using multiple tools.
    • Evaluate scan results, filter out false positives, correlate results from multiple tools, triage results and provide recommendations for remediation.
    • Perform actual code remediation in one or more of the following.
    • Train clients on Secure DevOps best practices, as well as how to use various tools.
    • Help to build out Secure DevOps architectures in Winmill sandboxes; train Winmill staff on best practices.

    Job Requirements

    • Bachelor’s degree in computer information systems, or equivalent.
    • At least three (3) years’ experience in software development using one or more of the following: JavaScript, Node.js, Java, C, C#, .NET, PHP, Python, Ruby.
    • Ability to identify vulnerabilities in applications written in these languages.
    • Knowledge and ability to assess web and non-web applications.
    • Knowledge of secure coding methodologies including OWASP Secure SDLC, MS-SDLC.
    • At least two (2) years’ experience with dynamic security testing tools such as Acunetix, Burp Suite, HP WebInspect, Veracode and ZAProxy.
    • At least two (2) years’ experience with static testing tools such as Checkmarx, HP Fortify Static Code Analyzer and Veracode. Knowledge of CI/CD tools such as Artifactory, git, Chef, CircleCI, Consul, Jenkins, Microsoft TFS.
    • Knowledge of secure methodologies and programming concepts including cryptography, authentication models and standards, secure libraries, and methods to evaluate their applicability to business and development problems.
    • Preferred: knowledge of AWS environments and development within them, including CloudFormation.
    • Experience, knowledge and presence to teach and train developers on secure coding and development techniques.
    • Proficiency in written and spoken English.
    • Ability to present findings and summaries of issues to senior management.
    • Proactive and self-motivated, including willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance.
    • Authorized to work in the US for any employer.