Senior Application Security Engineer

5 days ago

Apply Now

Receive Emails with Similar Jobs

Commonwealth Fusion Systems

WebsiteLinkedInAll Job Openings

Designing and building commercial fusion systems to provide limitless, clean energy to the world

51 - 200

Description

• Partner with various software development teams to enhance our secure SDLC efforts • Advance the security of our IaaS and codebase in a DevOps environment, from development to production (e.g. SAST, APIs, DAST, IaC, WAF, CSPM, CWPP) • Assist with vulnerability management and threat intelligence, tracking and mitigating threats as necessary • Seek opportunities to apply automation and DevSecOps thinking, via threat intelligence analysis, security orchestration, and other operational efficiencies • Contribute to the administration of cybersecurity tools needed to achieve the cybersecurity mandate (SIEM, DLP, IAM, PAM, EPP/EDR, MDM, etc.) • Maintain current knowledge of new products and industry trends, and recommends enhancements and purchases that allow CFS to maintain a healthy and functional environment • Provide technical consulting to management, business users, and technical associates to ensure that applications and platforms are secure • Architect, design, implement, maintain and operate information system security controls and countermeasures; documents the operation, use, and expected outputs of these systems • Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance and alignment with security standards/frameworks (NIST 800-53) • Help promote a culture of cybersecurity awareness via outreach and training

Requirements

• Bachelor degree in Cybersecurity, Computer Science or equivalent experience • Relevant certification in the Cybersecurity field (CISSP preferred) • 5 years experience in a hands-on application security focused role • Experience securing IaaS (AWS) and cloud-native applications in a DevOps environment, from development to production (e.g. SAST, APIs, DAST, IaC, WAF, CSPM, CWPP, BSIMM, SAMM) • Demonstrated ability to apply fundamental cybersecurity and IT concepts to tasks and projects • Ability to work in a fast-paced environment and prioritize tasks/projects • DevSecOps/automation of security tasks • Excellent analytical and problem solving skills, and attention to detail • Evidence of personal focus on continuous learning • AWS Security certification • Hands-on experience managing enterprise security technologies (SIEM, firewall, IDS/IPS, EPP/EDR, IAM, DLP, etc.) • Familiarity with regulatory, compliance, and security frameworks (NIST, ISO, SOC 2) • Computer forensics • Ability to type, stand, and sit for extended periods of time • Willingness to occasionally travel or work required nights/weekends/on-call • Work in a facility that contains industrial hazards including heat, cold, noise, fumes, strong magnets, lead (Pb), high voltage, high current, pressure systems, and cryogenics • #LI-Remote