Application Security Engineer

Application Security Engineer

Tyler Technologies is seeking an Application Security Engineer to catalog, audit, and test Tyler products for application security vulnerabilities.

The Application Security Engineer position involves conducting application security assessments against Tyler products and systems, maintaining metrics of vulnerabilities, collaborating with development groups to triage and remediate. The Application Security Engineer will work to improve automated and manual security testing practices in all development groups. The Application Security Engineer will have direct impact on the security posture of our company, ensuring that Tyler products are effectively protecting client data and systems from attackers.

Location

Yarmouth, Maine

Responsibilities

  • Execute project plans and maintain the scope, schedule, and each party’s responsibilities.
  • Catalog and maintain a list of all Tyler products and which technologies each are utlizing.
  • Conduct planning sessions with key development leaders to identifying security GAPs in the current software development life-cycle.
  • Build and maintain a vulnerability tracking platform for all Tyler products.
  • Test all Tyler products for OWASP Top Ten vulnerabilities using both automated and manual testing.
  • Consult for development groups and recommend mitigation techniques for known and upcoming application and system vulnerabilities.
  • Assist divisions with implementing regular automated and manual testing as a part of their software development life-cycle.
  • Investigate enterprise security incidents and provide analysis to senior leadership.
  • Provide and execute projects to increase Tyler’s overall security posture.

Qualifications

  • Bachelor’s degree in information technology, computer science, information assurance or formal security training plus comparable experience.
  • IT certifications such as MCITP, CCNA, Network+, OSCP, CISSP, CSSLP
  • IT experience with deployment of various development frameworks and system stacks.
  • Experience with multiple operating systems, databases, and hypervisors including Windows, Linux, Unix, VMWare, HyperV, Oracle and MS SQL.
  • Experience with multiple authentication technologies, Active Directory, OpenID, SAML, and forms based.
  • Experience with various network technologies such as Intrusion Prevention Systems, Web Application Firewalls, and Load balancing technologies.
  • Excellent oral and written communication skills.
  • Excellent analytical and problem solving skills.
  • An ability to work both independently or as a team is critical.
  • Must be passionate about security and continuing education outside of work.
The ideal candidate will have advanced knowledge of:
  • Operating system, network, and application security vulnerabilities
  • Testing of OWASP Top Ten Vulnerabilities
  • Building exploitation scenario’s based on vulnerabilities
  • Security testing tools and frameworks (BurpSuite, Kali Linux, IBM AppScan, Dir Buster, Sqlmap, Metasploit, nExpose, nmap, OWASP ZAP, SOAPUI)
  • Strong knowledge of networking, firewalls, core programming methodologies
  • Scripting and Programming (PowerShell, Python, Bash, C#, Web Services, Ruby, JavaScript)

Apply Online
Requisition Number: 10-18-027

 

 

ljp