Application Security Engineer
Tyler Technologies | Yarmouth, ME
The Employer has temporarily removed this postingApplication Security Engineer
Tyler Technologies is seeking an Application Security Engineer to catalog, audit, and test Tyler software products for application security vulnerabilities.
The Application Security Engineer position involves conducting application security assessments against Tyler products and systems, maintaining metrics of vulnerabilities, collaborating with development groups to triage and remediate. The Application Security Engineer will work to improve automated and manual security testing practices in all development groups. This is a great opportunity to have a direct impact on the security posture of our company, ensuring that Tyler products are effectively protecting client data and systems from attackers.
Less than 5%
- Execute project plans and maintain the scope, schedule, and each party's responsibilities.
- Catalog and maintain a list of all Tyler products and which technologies each are utlizing.
- Conduct planning sessions with key development leaders to identifying security GAPs in the current software development life-cycle.
- Build and maintain a vulnerability tracking platform for all Tyler products.
- Test all Tyler products for OWASP Top Ten vulnerabilities using both automated and manual testing.
- Consult for development groups and recommend mitigation techniques for known and upcoming application and system vulnerabilities.
- Assist divisions with implementing regular automated and manual testing as a part of their software development life-cycle.
- Investigate enterprise security incidents and provide analysis to senior leadership.
- Write detailed reports describing vulnerabilities and remediation steps.
- Provide and execute projects to increase Tyler's overall security posture.
- Bachelor's degree in information technology, computer science, information assurance or comparable work experience
- IT certifications such as MCITP, CCNA, Network+, OSCP, CISSP, and/or CSSLP
- IT experience with deployment of various development frameworks and system stacks.
- Experience with multiple operating systems, databases, and hypervisors such as Windows, Linux, Unix, VMWare, HyperV, Oracle and MS SQL.
- Experience with multiple authentication technologies, Active Directory, OpenID, SAML, and forms based.
- Experience with various network technologies such as Intrusion Prevention Systems, Web Application Firewalls, and load balancing technologies.
- Excellent oral and written communication skills.
- Excellent analytical and problem-solving skills.
- An ability to work both independently and as a team is critical.
- Must be passionate about security and continuing education outside of work.
The ideal candidate will have advanced knowledge of:
- Operating system, network, and application security vulnerabilities
- Testing of OWASP Top Ten Vulnerabilities
- Building exploitation scenario's based on vulnerabilities
- Security testing tools and frameworks (BurpSuite, Kali Linux, IBM AppScan, Dir Buster, Sqlmap, Metasploit, nExpose, nmap, OWASP ZAP, SOAPUI)
- Strong knowledge of networking, firewalls, core programming methodologies