GENERAL PURPOSE OF THE JOB:   

The Security Engineer (AppSec) is responsible for controlling gaps in security measures by working with the team to research, test, deploy, optimize, and support solutions with an emphasis on applications and application security. This position operates in a hybrid environment consisting of on-premises infrastructure, as well as a multi-cloud tenant. (Azure, AWS) The Security Engineer acts as a subject matter expert for the team and serves as security representation during company driven initiatives. The Security Engineer supports the operations of the security team by leveraging their knowledge and skills to assist with investigations, problem solving, and other support as needed.  

  **Position sits in West Des Moines and will work an onsite hybrid schedule**

 

ESSENTIAL DUTIES AND RESPONSIBILITIES:  

• Establishes and maintains security controls over application development processes within the organization.
• Reviews output from code security and DAST tools to establish directives and assist with remediation.
• Provides security recommendations in application design discussions
• Leads initiative to foster secure coding practices within the organization.
• Implements and oversees secure code training for development teams.
• Defines standards and policies around secure development.
• Implements and oversees review process for internally developed applications and scripts prior to fielding in production
• Assists with the maturation of organizational application control programs and processes.
• Creates robust documentation for company processes and procedures around application security.
• Participates in security audits and implements changes to remediate findings.
• Collaborates with other teams to ensure security concerns are addressed within organizational projects and initiatives.
• Develops and participates in table-top exercises, designed to simulate defense of corporate assets from attackers.
• Works alongside vendors and architecture teams to facilitate procurement of new products and services.
• Assists with or leads security engineering projects based on organizational need and skillset.
• Provides mentorship and training team members.
• Performs other duties as assigned.

 

SUPERVISORY RESPONSIBILITIES:

Direct Reports: 0

General Description of Indirect Reports (2 and 3-downs):  0

 

EDUCATION AND/OR EXPERIENCE:  

• Bachelor’s degree in related field of study; plus 3-5 years’ related experience; or equivalent combination of education and experience
• Must demonstrate an understanding of security principles in application development through either education or work experience.
• Must demonstrate previous software development or application design experience.
• Experience working in a public cloud environment. AWS preferred.
• Experience with IAC, CI/CD, and code security tools preferred.
• Experience in .Net, Python, and/or React a plus.
• Experience in DevSecOps environment a plus.

 

CERTIFICATES, LICENSES, PROFESSIONAL DESIGNATIONS:

At least one mid-level/advanced certification from GIAC, ISACA, ISC2, or CompTIA is preferred but not required.

 

KNOWLEDGE, SKILLS AND ABILITIES: 

• Deep understanding of technical and security concepts and the practical application of those concepts in a business environment.
• Strong interpersonal skills.
• Strong verbal and written communication skills with the ability to effectively present information and respond to questions from groups.
• Strong interpersonal skills.
• Strong attention to detail.
• Willingness to learn and venture outside of comfort zone.
• Proven problem-solving skills with ability to define problems, collect data, establish facts, and draw valid conclusions.
• Takes initiative with ability to follow-through; is highly self-motivated and directed.
• Technologically adept.
• Able to think outside the box and be creative.
• Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
• Ability to work effectively in a team environment.
• Ability to work cooperatively and successfully with employees, customers, and other outside third parties.
• Ability to successfully handle pressure and meet deadlines.
• Ability to manage multiple projects and issues simultaneously.
• Ability to travel 5% of the time.

Physical Demands

Ability to lift up to and over 50 lbs. of weight under 1/3 of the time.

 

#LI-PL1

 

This description covers the major purpose and essential functions of the job.  It is not intended to give all details or a step-by-step account of the way each task is to be performed.  Employees may receive other job-related instructions and be required to perform other job-related work requested by their manager.  All requirements are subject to possible modification to provide reasonable accommodation to qualified individuals with disabilities.