Application Security Engineer

Company Description

About Veolia North America

A subsidiary of Veolia Group, Veolia North America (VNA) offers a full spectrum of water, waste and energy management services, including water, and wastewater treatment, commercial and hazardous waste collection and disposal, energy consulting and resource recovery. VNA helps commercial, industrial, healthcare, higher education, and municipality customers throughout North America. Headquartered in Boston, Mass., Veolia North America has approximately 10,000 employees working at more than 350 locations across the continent. Please visit our website www.veolianorthamerica.com.

Job Description

BENEFITS

Veolia's comprehensive benefits package includes paid time off policies, as well as health, dental and vision insurance. In addition, employees are also entitled to participate in an employer sponsored 401(k) plan, to save for retirement.  Pay and benefits for employees represented by a union are outlined in their collective bargaining agreement. 

Position Purpose: 

The Application Security Engineer identifies and remediates security vulnerabilities in software applications, ensuring robust protection against potential threats. The Application Security Engineer develops and implements security measures, conducts security assessments, and provides guidance on secure coding practices and stays updated on the latest security trends and technologies to continuously enhance application security

Primary Duties/Responsibilities:

• Assist in onboarding applications and applications to Secure SDLC controls including remediation guidance, issue tracking and metrics.
• Assist in integration of security tools (e.g., DAST, SAST, SCA, etc.) in the delivery pipeline and the S-SDLC process.
• Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Software Development Life Cycle (SSDLC).
• Provide remediation coaching to development teams on how to build a more secure application, including explanations of risk assessment, e.g. likelihood, impact.
• Review and improve static and dynamic analysis findings to ensure their accuracy and relevance.
• Perform impact assessments, develop prioritized remediation plans, and drive remediation campaigns for the newest and most critical application vulnerabilities.
• Perform security architecture and design reviews.
• Take a leadership role in driving strategic solutions to recurring vulnerabilities.
• Provide actionable security guidance to our engineering teams.
• Integrate security technologies and processes directly into our pipelines.
• Proactively research and monitor security-related information sources to aid in vulnerability discovery.
• Understand, communicate and balance business risk with security risk.
• Ability to understand business requirements and apply security controls without adversely affecting the desired functionality.

Work Environment:

• This will be a hybrid role located in Milwaukee, WI.

Qualifications

Education/Experience/Background:

• Bachelor’s or Master’s Degree in Computer Science, Engineering, Information Security or extensive professional experience considered in place of a Bachelor's degree.
• Min of 5 years of professional experience as an Application Security Engineer.
• Experience with infrastructure as code (IaC) using Terraform, Ansible, AWS CDK, or similar.
• Experience with DAST, SAST, SCA.

Knowledge/Skills/Abilities:

• Subject matter expertise in application security and vulnerability assessments.
• Provent technical understanding of OWASP Top 10, CVSS and other vulnerability ratings.
• One or more programming languages (Rust, Python, C++, Go, PHP, etc.).
• Application Security, AWS, GCP, Azure Security, Container Security.
• Tools you may be familiar with:
  • APT Hunter, AWS, Alien Vault, Azure, Bash, Confluence, Cuckoo Sandbox, EKS, Google Workspace, Github, GitLab, Golang, HTML, Hashcat, JIRA, JWT, Java, Java script, Jenkins, Kubernetes, Metasploit, New Relic, Nmap, NodeJS, OWASP, Python, Rails, Ruby, SAML, SNORT, SNow, SQL, SQLMap, TypeScript, Wireshark, tcpdump, Yara, Zeek.
  • Familiarity with IDEs, e.g. Visual Studio, eclipse or IntelliJ IDEA.
  • Familiarity with build systems such as Bamboo, Jenkins, AWS native build tool.
  • Familiarity with IDEs, e.g. Visual Studio, eclipse or IntelliJ IDEA.
• High level of personal integrity with the ability to professionally handle confidential matters and reflect appropriate level of judgment.
• High degree of accuracy and attention to detail.
• Excellent organization skills and ability to multitask.
• Knowledge of Threat Modeling and risk assessment techniques.
• Strong understanding of encryption, authentication, and access control mechanisms.
• Firm understanding of enterprise class application architectures that are highly scalable, reliable and the ability to secure them.
• Deep technical understanding of the Mitre Attack Framework.
• Ability to work independently with minimal direction, self-starter, self-motivated with an passion for security & automation.

Additional Information

We are an Equal Opportunity Employer! All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law.