
Job posting has expired


Application Security Engineer

Noridian Healthcare Solutions
life insurance, vision insurance, paid holidays, sick time, 401(k), remote work
United States, North Dakota, Fargo
Mar 26, 2025
Description
*Position is eligible for Remote / Work from Home opportunity*
Department: Systems Security
Telecommuting Eligible: Yes
Job Grade: E14

Notice of Collection & Privacy Policy for Applicants Residing in California: California Applicant Privacy Policy | Noridian (noridiansolutions.com)


Job Title

Application Security Engineer


Job Summary

The Application Security Engineer is responsible for integrating security into the software development lifecycle, ensuring secure deployment and operation of applications and infrastructure. This role encompasses penetration testing, vulnerability assessments, secure coding practices, security automation, threat modeling, and compliance enforcement. The position requires collaboration with development, operations, and security teams to embed security controls in release pipelines, implement best practices, and mitigate risks associated with application and infrastructure vulnerabilities. The Application Security Engineer is expected to design, execute, and refine security testing methodologies, assess authentication and authorization controls, and provide recommendations for secure architecture. Additionally, this role supports compliance initiatives, conducts security training, and enhances the organization's overall security posture through proactive threat hunting and risk analysis.


Essential Functions
Key Duties/Responsibilities/Accountabilities

  • Proactively identify cybersecurity risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives by attempting to breach system security. Assess authentication mechanisms, authorization controls, and cryptographic implementations for vulnerabilities.
  • Partner with IT teams to remediate vulnerabilities, assess effectiveness of remediation activities and enhance overall security posture.
  • Conduct manual and automated static code analysis (SAST) to detect security flaws in source code.
  • Provide strategic recommendations for remediation, risk mitigation, and targeted security training based on penetration testing findings.
  • Create detailed security reports, including risk assessments, vulnerability findings, and remediation steps.
  • Conduct secure code reviews in programming languages like Python, Java, JavaScript, C#.
  • Ensure security controls align with compliance frameworks.
  • Conduct security awareness training for developers and administrators on secure coding and configuration practices.
  • Stay up to date with emerging threats, attack techniques, and regulatory changes.


    Non-Essential Duties and Functions

    • May assist with new responsibilities resulting from Information Technology (IT) and security business transformation.
    • Other duties as assigned.


    Minimum Qualifications:

    • Bachelor's degree in Computer Science, Cybersecurity, Information Security, or related field (or equivalent education & work experience).
    • 5 years of experience in cybersecurity with practice in penetration testing large and complex enterprise networks, threat hunting and vulnerability assessments
    • One Offensive Security Certification (OSCP, OSEP, OSWP, OSWA, OSWE)
    • Expertise in secure software development lifecycle
    • Familiarity with MITRE ATT&CK, cyber kill chain, and adversary simulation tools.
    • Strong analytical and problem-solving skills
    • Excellent written and verbal communication skills
    • Familiarity with security frameworks and compliance requirements
    • Experience with testing tools such as Nmap, SQLmap, Metasploit, Wireshark, Nessus, Burp Suite, or other similar tools


    Preferred Qualifications
    Above minimum qualifications and the following:

    • Possess in-depth knowledge of both information security and computer science.
    • Programming experience with focus on penetration testing or process automation
    • Experience executing advanced concepts such as application manipulation, exploit development, and stealthy offensive operations.


    Environment and Cognitive/Physical Demands

    • Office Environment
    • Ability to read, hear, speak, keyboard, reason, communicate effectively and problem solve
    • Requires prolonged sitting and telephone usage
    • Requires the use of office equipment such as computers, telephones, copiers and printers
    • Infrequent lifting to 15 pounds
    • Infrequent stooping


    Segregation of Duties

    Every employee is responsible to perform their duties and responsibilities in accordance with Noridian values, policies and procedures, including but not limited to: Segregation of Duties Principles, HIPAA, Security and Privacy, CMS requirements, the Noridian Compliance Program and any other applicable laws, rules and regulations.


    Statement of Other Duties

    This document describes the essential functions, requirements, and responsibilities of this job, and is not intended to be a complete list of all tasks and functions. Employees may be requested to perform job related tasks other than those specifically listed in this description and may be required to perform any task requested by the supervisor or management.


    Total Rewards Package:

    Health, Dental and Vision Insurance, Voluntary Insurance Plans, Health Savings and Flexible Spending Accounts, 401k and Company Match, Company-paid Life Insurance, Education Assistance Program, Paid Sick Leave, Paid Holidays, Increasing PTO Accrual Plan, Medical/Parental/Disability Leave, Workers Compensation, Retiree Benefits, Severance Package, Employee Assistance Program, Financial and Health Wellness Benefits, Casual Dress, Open Office Setting, and Online Learning System.


    CMS Access Compliance and Regulation Contingency Statement

    Some positions require compliance with (i) federal, and agency specific regulations and related clauses included in Noridian's prime contracts with the Government, (ii) background checks, and (iii) eligibility for a government-issued identification card.

    An employee in this position may be required to possess a "Federal Identification Card" (Federal ID) as a condition of employment. Federal IDs may include one of the following: Personal Identity Verification (PIV) card, Personal Identity Verification-Interoperable (PIV-I) card, a Local-Based Physical Access Card issued by CMS, or a Local-Based Physical Access Card issued by another Federal agency and approved by CMS. Obtaining a Federal ID and continued eligibility for this position may require the successful completion of a Federal Background Investigation performed by the Federal Government and a residency requirement that you have lived in the United States at least three out of the last five years. Failure to obtain a Federal ID may result in the removal from the position or termination of employment.


    Equal Employment Opportunity

    Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.

    Below is the salary range for potential new hires.

    Salary Range: The pay range for this position is $79,267.71 - $130,374.83 per year; however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience, among other factors.

    Other Compensation: Incentive Plan and Lifestyle Benefit

    This job will be closed 03/31/2025 at 4:30 PM CST. No further applications will be considered.

    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
