Assoc Director, API Security (Application Security Engineer)

Canada, Canada

Job Description

Updated: Yesterday
Location: Canada-North America - CAN-Home-Based, Canada
Job ID: 22004546-CAN975

Description

JOB SUMMARY

The Application Security Engineer implements application security capabilities at Syneos Health. As a member of the Architecture and Engineering Practices organization, this role implements tools and processes for ensuring secure software development. The Application Security Engineer will work with the CISO and SecOps teams in supporting and operationalizing security policy.

Application Security Engineers employ various techniques at different stages of an application's software development lifecycle (SDLC) to protect against security vulnerabilities. Specialized application security skills are integrated into the engineering process including threat modeling, secure software development life cycle, security code reviews, and vulnerability testing and analysis.

JOB RESPONSIBILITIES

  • Work with development teams to educate and enforce secure coding techniques.
  • Support application security analysis tools including static application security testing (SAST), dynamic application security testing (DAST), and Software Composition Analysis (SCA)
  • Provide subject matter expertise and feedback into development of a DevSecOps framework
  • Develop and maintain application security standards
  • Design solutions for Container Security, Cloud Security, and API Security
  • Have solid understanding of OAuth 2.0, OpenID Connect, and SAML 2.0 methodologies
  • Experience with any API Gateway and Web Application Firewall (WAF) is preferred
  • Have experience in Cloud security in Azure or AWS cloud environments
  • Perform application threat modelling
  • Maintain the open-source policy and supporting tools (scanning & governance)
  • Operationalize standards and practices for application SIEM / Logging and Monitoring

Qualifications

QUALIFICATION REQUIREMENTS
  • Bachelor's degree in a related field
  • Ten plus years of related experience
  • IASA CITA (Certified IT Architect)
  • ISC2 ISSAP (Information Systems Security Architecture Professional)
  • ISC2 CCSP (Certified Cloud Security Professional)
  • Thorough understanding of software security best practices such as BSIMM
  • Software Engineering Security certifications such as: GIAC Web Application Defender (GWEB), GIAC Secure Software Programmer (GSSP), Certified Secure Software Lifecycle Professional (CSSLP), Secure Software Practitioner (SSP), Certified Application Security Engineer (CASE)
  • Practical experience with one or more Web Application Firewall implementations for external-facing applications.
  • Cloudflare WAF is preferred and Azure WAF is a plus.
  • Strong experience with REST APIs and with API security, covering authentication and authorization.
  • Strong understanding and knowledge of SAML, OAuth 2.0 and OpenID Connect authentication methodologies.
  • Experience with API Security policy governance and API fine-grained authorization methodologies is a plus.
  • Hands-on experience with implementing code scanning tools such as SAST, SCA and DAST in DevOps pipelines is preferred.
As a healthcare company we have an important responsibility to protect individual and public health. Except in those locations where state or local law impacts this vaccination requirement, this position will require individuals to be fully vaccinated against COVID-19 as part of their job responsibilities unless an exemption can be confirmed based on a medical condition, sincerely-held religious belief, or other reasons recognized by applicable law. Submission and approval of an exemption request does not necessarily guarantee that an accommodation can be provided for any specific job.

Job Detail

  • Job Id
    JD2043459
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Canada, Canada
  • Education
    Not mentioned