Sr Staff App Security Engineer

Washington, DC · Information Technology
GreenFoot Technologies is seeking an Application and Product Security Engineer with a focus on software development and operational technology (OT) solutions. In this role you will partner across organizations to drive improved Software/Systems Development Lifecycle capabilities.  You will also engage with mine operations experts to design, build, and measure success of security controls in OT environments.  The successful candidate will be a subject matter expert with hands-on experience in a wide range of cloud technologies, software development, application security and security architectures, security tools, and methodologies. As an AppSec Engineer, you will apply your experience and expertise to challenging technical problems. You will work in a security team, but also as a partner with product teams and consultatively provide your security experience.

Essential Responsibilities:
This is a hands-on technical role that will provide the right candidate an exciting opportunity to leverage and grow technical, process and leadership skills in an exciting area of the company.
In this role, you will:
  • Develop approaches to address the implementation of software and OT security solutions
  • Consult with development teams on security requirements, utilize common components to meet them, and document a secure software development lifecycle.
  • Be able to scope and participate in hardware and software penetration tests, vulnerability identification, and vulnerability risk assessment
  • Create and track meaningful metrics around product cyber risk and compensating controls
  • Create vulnerability and incident trend analysis to improve product design
  • Perform end-to-end application security reviews to ensure data, system components, and communication channels are appropriately protected.
  • Maintain cyber service catalog and conduct proactive vulnerability monitoring and assessment on cyber components
  • Engage and administer End-of-Life processes for digital products
  • Engage in application and domain-specific threat modeling and attack surface analysis/reduction
  • Help prepare reports at appropriate levels of confidentiality for stakeholders to view
  • Provide guidance on automated testing tools and techniques
  • Maintain documentation of design patterns/recipes for common security requirements
  • Architect, design, implement, support, and evaluate security focused tools
  • Perform other security functions or tasks as directed.

Basic Qualifications:

  • Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math)
  • 8+ years’ experience in Information Technology
  • 6+ years’ experience in Cyber Security engineering and support
  • 4+ years’ experience in Software Security or OT/Product Security

Eligibility Requirements: (Country Specific)
  • Legal authorization to work in the U.S. is required. 
  • Must be willing to travel domestic & international
  • Must be willing to work out of an office located in Northern Virginia, DC Area

Desired Characteristics:
Technical Expertise:
  • Experience with secure coding principles; code signing and secure boot
  • Experience with penetration testing and ethical hacking
  • Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
  • Proficiency in creating dataflow diagrams, network diagrams, and other application related design documents
  • Proven experience in security code review and code analysis
  • Must be fully proficient in, and able to instruct others, on the OWASP Top 10
  • Knowledge of identity management and identity federation (SAML, OAuth, SCIM, XACML)
  • Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
  • Experience in securing cloud infrastructure such as AWS, Azure, and the like (e.g., inspection, logging, WAF, VM)
  • Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP
  • Minimum of 5 years of experience with detection technologies (e.g. Snort, Suricata, Bro, netsniff)
  • Minimum of 4 years of experience with scripting languages (e.g. Ruby, Python, Perl, and PowerShell)
  • Minimum of 2 years of experience with cloud technologies (e.g. AWS, Azure, OpenStack)
  • Minimum of 1 year of experience with secure development life-cycles
  • Minimum of 1 year of experience with identity management and authentication (Oracle OIM, AD)
  • 5-7 years of experience administering Unix-like operating systems (e.g. Linux, OS X)
  • 5-7 years’ experience administering orchestration tools such as Puppet, SaltStack, Chef, or Ansible
  • Nice to have: familiarity with industrial control systems cyber security norms and standards (IEC 62443, NERC-CIP, ANSSI, ISO 27k…)
  • Prior experience working within an Agile framework (Scrum/Kanban)
  • One or more Security Certifications or equivalent (CISSP, etc.)
  • One or more Platform Certifications or equivalent (RHCE, LFCE, etc.)
  • Familiarity with data analytics and machine learning principles and techniques
  • Knowledge of SIEM API integration techniques

Business Acumen:
  • Strong problem-solving abilities and capable of articulating specific technical topics or assignments
  • Experience in building scalable and highly available distributed systems
  • Expert in breaking down problems and estimating time for development tasks
  • Evangelizes how our technology solves customer problems from a technology and business perspective
  • Demonstrates clarity of thinking to work through limited information and vague problem definitions
  • Ability to solve very complex security issues that span legal, compliance and regulatory obligations across various lines of business and shared service areas of the company.
  • Proactively identifies and removes project obstacles or barriers on behalf of the team
  • Shares knowledge, power, and credit, establishing trust, credibility, and goodwill

Personal Attributes:
  • Able to work under minimal supervision
  • Excellent communication skills and the ability to interface with senior leadership with confidence and clarity
  • Must have proven verbal communications and written documentation skills
  • Able to work well with global teams, including time-zone flexibility
  • Skilled in providing oversight and mentoring team members; shows ability to effectively delegate work