Application Security Engineer

Dematic Corp.

Atlanta, GA

Job Description

As posted by the hiring company

Job Overview:

The Global Software R&D Organization is responsible for delivering innovative software products to support a wide range of intralogistics, material handling, and management solutions. These products play a major role in powering the logistics operations of enterprises in a wide range of industries worldwide including eCommerce activities.

We are looking for a hands-on, dynamic, and enthusiastic cybersecurity engineer to help drive our cybersecurity efforts. This is an exciting opportunity to join our cybersecurity efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.

The cybersecurity engineer is an important member of the Software R&D team. This role is hands-on application security that applies expertise in cybersecurity and knowledge of security best practices to the development of existing and future products. The cybersecurity engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance cybersecurity and development practices of product teams.

Key responsibilities:

  • Support overall SSDLC activities to incorporate effective security for all product development (i.e., Security by Design and Security by Default).
  • Perform/arrange for static, dynamic, and penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediating controls in collaboration with development teams.
  • Provide technical leadership in, and coaching/mentoring for, cybersecurity matters related to various software development activities spanning cloud, on-premise/edge and controls software.
  • Establish business continuity and disaster recovery plans
  • Develop, validate, and maintain an incident response plan and processes to address potential threats.
  • Provide leadership for the technical oversight related to the implementation and operation of cybersecurity and information security tools, technologies, solutions, and methodologies.
  • Stay abreast of cybersecurity best practices, technology trends, tools, and frameworks
  • Hands-on experience of application security scanning tools and how to manage vulnerability findings: SAST, DAST, SCA
  • Experience reviewing architecture design documents for security input
  • Must have experience with agile methodologies
  • Perform manual and automated security penetration testing of the web application, APIs and system
  • Provide vulnerability prioritization and guidance on remediation

What we offer:

Career Development

We are here to support you for the entirety of your Dematic career. From a fast start of learning Dematic’s history and foundational training to succeed in your role to leadership development programs, technical training and certifications, and Career Navigator to identify challenging new opportunities, our goal is to help you grow beyond your borders.

Competitive Compensation and Benefits

Our attractive and market competitive total rewards packages are designed to reward high performance and to assist in managing your personal and family needs. Dematic offers robust packages based on employment status and national requirements.

Pay Transparency

Dematic is committed to pay transparency. As such, Dematic will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

However, Dematic will still maintain confidentiality of your pay information. Employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by Dematic, or (c) consistent with Dematic’s legal duty to furnish information.

Global Opportunities

As a global company, our employees are exposed to different ideas and perspectives from around the world. We offer international assignments for qualified employees and wherever possible, we offer flexible working hours and modern workspace design.

Learn More Here: https://www.dematic.com/en-us/about/careers/what-we-offer/

Tasks and Qualifications:

The Global Software R&D Organization is responsible for delivering innovative software products to support a wide range of intralogistics, material handling, and management solutions. These products play a major role in powering the logistics operations of enterprises in a wide range of industries worldwide including eCommerce activities.

We are looking for a hands-on, dynamic, and enthusiastic application security engineer to help drive our application security efforts. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.

The application security engineer is an important member of the Software R&D team. This role is hands-on application security that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The application security engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance application security and development practices of product teams.

Key responsibilities:

  • Support overall SSDLC activities to incorporate effective security for all product development (i.e., Security by Design and Security by Default).
  • Perform/arrange for static, dynamic, and penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediating controls in collaboration with development teams.
  • Provide technical leadership in, and coaching/mentoring for, application security matters related to various software development activities spanning cloud, on-premise/edge and controls software.
  • Establish business continuity and disaster recovery plans
  • Develop, validate, and maintain an incident response plan and processes to address potential threats.
  • Provide leadership for the technical oversight related to the implementation and operation of application security and information security tools, technologies, solutions, and methodologies.
  • Stay abreast of application security best practices, technology trends, tools, and frameworks
  • Hands-on experience of application security scanning tools and how to manage vulnerability findings: SAST, DAST, SCA
  • Experience reviewing architecture design documents for security input
  • Must have experience with agile methodologies
  • Perform manual and automated security penetration testing of the web application, APIs and system
  • Provide vulnerability prioritization and guidance on remediation

Qualifications:

  • BS in Computer Science or related field; MS in Computer Science or related field, with information security specialization, preferred
  • 5+ years of technical experience in application security
  • 4+ years of manual penetration testing experience
  • 4+ years of automated vulnerability scanning testing
  • Ability to interpret dynamic/static analysis tools, and penetration test results
  • Experience in identifying and remediating Java applications
  • Experience in identifying and remediating cloud-based applications
  • Knowledge of application security aspects of industrial control networks is a plus
  • Experience working with security regulatory requirements and standards (such as NIST 800 series, ISO 2700x series, GLBA, FFIEC)
  • Firm grasp of concepts and technology across all technology areas to be able to spot gaps and develop appropriate controls.
  • Strong foundation and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls.
  • Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as they relate to cloud, web, and mobile applications.
  • Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, Python, including 2+ years of hands-on programming or script writing and 2+ years of working with cloud applications
  • Strong knowledge of core information security principles and concepts (including TLS, secure HTTP and MQTT, OAuth/OAuth2), as well as virtualization technologies
  • Experience with (network) security tools such as Snort, Nessus, Metasploit, Burp Suite, Nexpose, Veracode, Qualys and Core Impact
  • Hands-on experience securing cloud applications in GCP, AWS, and Azure cloud environments
  • Strong knowledge in security architecture, system, and network security
  • Security certification CISSP, OSCP, CEH, or equivalent. Certifications related to cloud development/security are highly desirable.