Sr. Application Security Engineer in Alpharetta, GA at CIOX Health

Date Posted: 2/27/2019

Job Description

Responsible for the application security across the whole SDLC from requirements to testing. Agile product owner for “Security”; prioritizes security requirements, security defects and other security work items for the team. Conducts penetration tests/web app assessments of company developed applications.

Skills: OWASP, SAST, DAST, SAML, SDLC, network security, Scripting, AJAX, Apache, SOAP, Windows, Linux, Weblogic, WebSphere, XML, Tomcat, SAS, IIS, Oracle, SQL


• Agile Product Owner for Security; prioritizes application security requirements, defects and other security work items for the team
• Manages and audits the code review process within the SDLC
• Works with the development teams to validate security functionality
• Tests release candidates to detect vulnerabilities prior to release at the end of the sprint cycle
• Maintains an annual schedule and executes penetration tests against the corporate portfolio of applications
• Provides security training to engineering staff (OWASP, secure coding, etc.)


• Strong (Manual) web application security testing experience
• Knowledge of HIPAA, PCI, SOC1/2, HITRUST, and SOX audit requirements
• Knowledge of the software development life cycle in a large enterprise environment
• Knowledge of DevSecOps methods integrating security controls into the CI pipeline
• Experience with performing code review
• Programming background (C++/Java, Perl, Python, Shell)
• Understanding of various web application architectures
• Understanding of server and client side application development
• Web services technologies such as XML, SOAP, RESTful, and AJAX
• Technical knowledge in security products, cryptographic suites, authentication and authorization
• Operating Systems: Windows and Linux
• Web Servers: IIS, Apache, NGINX
• Middleware software: Oracle's WebLogic, IBM's WebSphere, Apache Tomcat
• In-depth knowledge of proxying tools such as Paros, Burp, WebScarab, and ZAP
• Experience with any of the commercial SAST tools (SonarQube, VERACODE)
• Experience with open source tools like Whisker and Nikto
• Networking tools, such as OpenVAS and nmap