This site uses cookies. To find out more, see our Cookies Policy

Senior Application Security Engineer in Overland Park, KS at Netsmart

Date Posted: 11/28/2018

Job Snapshot

Job Description

Security Engineer Overview:

The Application Security Engineer will work supporting our Internal, hosting and cloud environments. This individual has responsibility as a primary security and technical resource for the IT Security Engineering department and provides application security and technical oversight for designing, testing, and implementing information security solutions in coordination with other IT groups as necessary. This individual will be performing a wide variety of functions such as administering complex application security environments, performing reviews of internal systems and updating security procedures on best practices for testing methodologies for various environments. The individual will relay issues to the senior team members and will remain up to date with new vulnerabilities and exploits.  This position may include on call time for security issues and after-hours maintenance.

Primary Responsibilities:

  • Builds relationship and partners with member of IT Security and Compliance, Enterprise Architecture, Network Engineering, Support Operations and with functional areas across IT and the business to raise and support the security posture of the company
  • Identify risks and areas of exposure in applications developed and/or used by Netsmart
  • Perform security reviews of source code, stored procedures, and server/service configurations.
  • Define and document application security requirements for Netsmart applications.
  • Oversee development of security components throughout all stages of the SDLC.
  • Perform manual and automated security testing of Netsmart applications.
  • Act as liaison for 3rd party assessments between various development teams
  • Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
  • Educate developers on secure coding techniques and security best practices.
  • Participate in development of security policies, standards, and processes.
  • Participate in incident handling and perform application-related forensics activities.

Responsibilities:

  • Be the subject matter expert on the identity management solutions suite for our customers and partners and also other internal Netsmart resources
  • Experience with complex enterprise firewall clusters, VPN devices, IDS/IPS, Active Directory, Email Systems, SIEM and various vulnerability assessment tools and solutions
  • Develop security engineering requirements, standards and guidelines, processes and procedures
  • Review applicable security support models and identifies opportunities for continued process improvement
  • Monitor and review requests for change to assure they do not introduce any security and/or compliance risks to the enterprise and meet security requirements, guidelines and compliance requirements
  • Create physical and logical architecture solution roadmap for linking Netsmart Identity services solutions with client business processes and technologies
  • Work with Engineering and Product teams to assist with new feature requirements and provide feedback from customers on current features and potential enhancements

Requirements:

  • CISSP, CISM, CISA, GSEC, CCSE or similar security designation
  • Demonstrated passion for cybersecurity, technology, solution design, and self-study
  • 5+ years of hands-on application security experience with multiple entities
  • Requires Bachelor’s degree in Computer Science, Business or a related field.
  • Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET

Preferred Qualifications:

  • Working knowledge in AWS space with various AWS services and implementations (i.e. VPCs, SES, RC2, R3, Route 53, Cloud Formation, etc.) or with Azure equivalents.
  • 3+ years’ experience developing identity management strategies, architecture, and implementations.
  • Experience in Identity Management, Access Management, and Directory Services technologies including LDAPv3, SQL and noSQL technologies.
  • Experience in OAuth, OpenID Connect, and SAML
  • Experience with Databases (Oracle, MSSQL, MySQL).
  • Advanced knowledge of web application technologies, Jquery, AJAX, XML, CSS and SOA
  • Experience with cloud and “big data” storage, databases, and APIs
  • Ability to identify security vulnerabilities from source code reviews and testing.
  • Knowledge of encryption technologies, secure communications, and secure credentials management.
  • Advanced scripting experience with many scripting languages
  • Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
  • Intimate familiarity with web application testing tools
  • Ability to define application security requirements and to lead the direction of building secure web application solutions.
  • Strong work ethic, attention to detail, and organizational skills.
  • Ability to multi-task and manage priorities in a fast-paced environment.
  • Ability to collaborate in a team and work independently.
  • Conceptual understanding of software development principles and SDLC models
  • Familiarity with OWASP best practices
  • Working knowledge of hacking tools such as metasploit, hashcat, nmap, etc.
  • Strong technical documentation and reporting skills
  • Must be able to quickly master new technology / software for the purposes of evaluating or subverting the security functionality of the technology / software
  • Solid knowledge of IT standards, concepts, best practices, and procedures
  • Excellent verbal and written communication skills that can communicate to various levels of technical audiences
  • Ability to take initiative & manage multiple detailed tasks in a fast-paced and ever-changing environment
  • Must be organized, analytical and capable of identifying and solving problems
  • Must be current with latest technology monitoring and security programs and techniques

Netsmart provides equal employment and advancement opportunities to all individuals. Employment decisions at Netsmart will be based on performance, qualifications, abilities, education and experience.  Netsmart does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender, sexual orientation, gender identity, national origin, age, physical or mental disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Netsmart complies with any applicable state and local laws governing nondiscrimination in employment.

CHECK OUT OUR SIMILAR JOBS

  1. Software Engineer Jobs
  2. Project Engineer Jobs