Senior Information Security Applications Engineer

at  Talentus

AT TALENTUS, WE ARE LOOKING FOR YOU!

We are a US company with a strong presence in LATAM and across 20 countries around the world. Some of our key near-shore BPO services include smart-sourcing, dedicated or cluster teams, managed IT services, software outsourcing, and the top ERP & CRM solutions, driven by our practices across many different industries.
We are currently looking for a Senior Information Security Applications Engineer to join our dynamic team! As a Senior Information Security Applications Engineer, you will work closely with our Engineering team on secure SDLC (Software Development Life Cycle) activities, participate in security operations, and contribute to the design, planning, and implementation of security-related projects. This role requires a deep understanding of application security, secure coding practices, and the ability to collaborate effectively with cross-functional teams.

REQUIRED SKILLS:

• Five years of experience in software development, engineering, or architecture.
• Substantial professional experience focused on security.
• Deep understanding of web application architecture design, software development, and related security concepts, including secure coding patterns, OWASP, data flows, authentication, and data protection.
• Exceptional communication and collaboration skills.
• Ability to shape and support secure practices carried out by others.
• Experience with threat modeling methodologies, ideally STRIDE.
• Ability to integrate security principles and techniques such as IAM, penetration testing, defense in depth, and change management into development processes.
• Proficiency in several coding languages and the ability to quickly learn and apply security concepts to new languages.
• Experience with relational database design and SQL query language.
• Solid organizational skills and ability to prioritize tasks.
• Ability to thrive in a fast-paced, constantly changing environment.
• High level of integrity, trustworthiness, and ethics.

DESIRED SKILLS:

• At least one security-focused certification related to skillset and experience.
• Technical experience with Windows and Linux operating system security configuration.
• Understanding of network architecture, including cloud-related security concepts, concerns, and technologies.
• Experience implementing governance models such as NIST CSF or ISO 27001.
• Experience with Agile project management techniques.
• Financial industry experience.
• Experience with regulated environments such as PCI, HIPAA, GLBA, SOX, FFIEC.

• Interact with the Engineering team on secure SDLC activities:
  . Manage and mature the application security program through direct interactions.
  . Work with architects and engineers to review and design security requirements.
  . Interact with sprint teams on security-related issues, such as secure code reviews, threat modeling, coding patterns, and security awareness.

. Determine and report on secure SDLC metrics.

• Participate in security operations activities:

. Review patch and vulnerability notifications as issued.
. Conduct vulnerability discovery, validation, and remediation tracking.
. Collaborate with IT teams to design remediations and shepherd them through to completion.

. Monitor and review indicators of compromise from various systems.

• Contribute to the design, planning, and implementation of security-related projects.
• Write, review, and update security documentation and respond to audit requests.