Sr. IS Application Security Engineer - INF001195

The role of the Sr. IS Application Security Engineer is responsible for supporting the daily operations of the USCC Application Security program. This role will require the applicant to be proficient in the use of application code and vulnerability scanning tools and will support critical efforts within the environment to improve the application security profile of the organization.

The Security Operations team is responsible for management of all Security tools, executing the Security Incident Response process for any alerts or events found within their tools set or from additional sources as well as identifying and scoring risk related to the Enterprise.

Essential Duties and Key Responsibilities

• Guide and improve upon the Application Security program through a very close working relationship with DevOps, application development and QA teams.
• Using automated tools to perform source code security analysis (Vericode or Checkmarx) to identify vulnerabilities and attack vectors in web applications (SAST & DAST)
• Maintain documentation related to the Application Security program including the development of secure coding policies, procedures and standards and modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
• Pursue understanding of application security requirements early-on and incorporate into secure code development practices.
• Support the assessment and acquisition of application security tools and technologies.
• Supporting the building, production and maintenance of metrics associated with the application security program
• Reviewing and coordinating changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model
• Guiding development teams in best practices across all stages of the SDLC
• Monitoring and responding to Open Source Software weaknesses and exposures
• Evangelizing and driving Application Security inside the company

Experience and Educational Requirements

• 5+ years of applicable security or development experience
• Bachelor's degree preferred
• Security related certifications such as CSSLP, CISSP, GIAC, preferred
• Security and/or Web application security certifications preferred
• Experience with dynamic web application vulnerability scanning tools and services
• Experience with static code analysis tools and services
• Application development / software development experience, understanding of security protocols and APIs.
• Experience with one or more common programming languages, frameworks, and libraries (VB, Java, .Net, Ruby, C++, Python, Struts, Spring, Groovy, JSON, Node.js, etc.)
• Working knowledge of vulnerabilities associated with the OWASP Top 10 & SANS Top 20
• Ability to write scripts in languages such as Python, BASH, or PowerShell for automation
• Familiarity with application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools for client-server, web, mobile, and cloud applications
• Knowledge of secure SDLC principles
• Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
• Understanding of risk management practices with emphasis on risk assessment and interpretation and application of corporate information security policies

Job : Information Technology

Location(s) : Illinois-SCHAUMBURG_IL

U.S. Cellular® is an EEO employer and gives consideration to qualified applicants without regard to race/color/age/religion/sex/sexual orientation/gender identity/national origin/disability/veteran status, pregnancy or genetic information.