Levi, Ray & Shoup, Inc. Senior Applications Security Engineer in Lenexa, Kansas

Time to get to work! We’re seeking an experienced Senior Applications Security Engineer for a client in Kansas City. This is a Direct Hire engagement for the right person. If you’re that person, if you have the Senior Applications Security Engineering expertise that we need, submit your resume now!

LRS Consulting Services has been delivering IT excellence for over three decades. Our reputation for quality, flexibility, and strong relationships with our clients keeps them turning to us to meet their IT consulting needs. Our contacts combined with your technical expertise equals career possibilities for you. So let’s get to work!

Reporting to the Director of Information Security, the Senior Application Security Engineer will lead the our client's Application Security Program. The position will: a) evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques; b) provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls across the application portfolio; c) advises and consult internal clients/teams on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.

Provide overall leadership to the application security program. This includes program leadership of a software assurance model such as OPEN SAMM/OWASP SAMM or others, and technical leadership and collaboration efforts with application security team leads and delivery managers throughout our client to integrate application security into the SDLC.

Evaluates applications for appropriate and effective use of security controls. Conducts application code, web application and other vulnerability scans using SAST, DAST and other security scans/vulnerability tools and techniques. Ensures that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.

Provides expert guidance on secure coding practices. Provides technical consultation in assisting development and engineering staff in appropriate selection and implementation of relevant application security controls across the application portfolio.

Administers application/vulnerability management security tools. Serves as system administrator for Application Security tools, set including Static Application Security Tools (SAST) and, Dynamic Application Security Tools (DAST), including installation, setup, configuration, administration, conducting scans. Serves as subject matter expert for the Application Security Tools. Coordinates integration of tools into SDLC process including integration in the Integrated Development Environment (IDE) tools, Continuous Integration and Continuous Development (CI/CD) pipeline tools.

Analyzes and reports on vulnerability scan results data for trending, business impact, prioritization. Produces various routine and ad-hoc reports, resulting from analysis of scan result data. Produces metrics, including application/vulnerability security dashboards, and scorecards to meet the needs of Mediware staff including executives, internal staff/contractors such as Development/IT/Network and Hosting staff.

Design, develop and deliver presentations focused on raising awareness for application security and defensive programming techniques.

Builds relationships with internal technical customers including Development/IT/Network and Hosting staff to assure collaborative approach to improving and maintaining the security posture of our client.

Documents security and vulnerability findings and all work activities efforts following technical standards, using approved methods. As needed, participates in the development, review, and finalization of documentation, best practices and procedures to improve and maintain the security posture of our client.

Assists in enhancing the security program through evaluation of tools, implementation of automation of security testing and other process improvements.

Participate in the training and/or mentoring programs as assigned or required.

Adhere's to the client's Values and supports a positive company's culture

Responds to the needs and requests of clients and management and staff in a professional and expedient manner.

Other Duties As Assigned

Qualifications:

  • 3+ years of experience in application security testing.

  • 3+ years of experience with application security or development (.Net, Java, C++, PHP, Node.js, JavaScript, HTML) with focus on secure, Internet-exposed, multi-tier web-based systems.

  • 2+ years of experience with HP Fortify, CheckMarx, Veracode; or Syonpsys

  • Candidate must be able to effectively communicate in English (written & verbal)

  • Candidate must have permanent authorization to work in the USA for any employer

  • Corp to Corp candidates will not be considered

Additional Skills:

  • Proficient experience leading teams, collaborating with others across organization;

  • Applying good risk-based judgment to complex problems.

  • Excellent troubleshooting, listening and problem-solving skills

  • Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

  • Able to work in a fast paced deadline oriented environment

  • Customer focused

  • Works well in a team environment

LRS is an equal opportunity employer. Applicants for employment will receive consideration without unlawful discrimination based on race, color, religion, creed, national origin, sex, age, disability, marital status, gender identity, domestic partner status, sexual orientation, genetic information, citizenship status or protected veteran status.