
Principal Application Security Engineer

Kelly Services
Memphis, TN 38111
Kelly Technology has an opening for a **Principal Application Security Engineer** to work with our global supply chain/logistics organization.

**Type:** Direct Hire

**Location:** Atlanta, GA; can be remote, with willingness to travel quarterly to the site.

The Global Software R&D Organization is responsible for delivering innovative software products to support a wide range of intralogistics, material handling, and management solutions. These products play a major role in powering the logistics operations of enterprises in a wide range of industries worldwide including eCommerce activities.

We are looking for a **hands-on**, dynamic, and enthusiastic **Principal Application Security Engineer** to lead our application security team. This is an exciting opportunity to join our application security efforts related to the development of various projects in IoT, Intralogistics, Control, Cloud, and Edge systems that aim to transform the industry.

The is a key member of the Software R&D team. This is a hands-on application security role that applies expertise in application security and knowledge of security best practices to the development of existing and future products. The Senior Application Security Engineer not only demonstrates the skills and knowledge of a seasoned hands-on security professional but also participates in efforts to enhance the application security and development practices of product teams.

Key responsibilities:

+ Support overall SSDLC activities to incorporate effective security for all product development (i.e., Security by Design and Security by Default).

+ Perform/arrange for static, dynamic, and penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediating controls in collaboration with development teams.

+ Provide technical leadership in, and coaching/mentoring for, application security matters related to various software development activities spanning cloud, on-premise/edge, and controls software.

+ Establish business continuity and disaster recovery plans

+ Develop, validate, and maintain an incident response plan and processes to address potential threats.

+ Provide leadership for the technical oversight related to the implementation and operation of application security and information security tools, technologies, solutions, and methodologies.

+ Stay abreast of application security best practices, technology trends, tools, and frameworks

+ Hands-on experience with application security scanning tools and with managing vulnerability findings: SAST, DAST, SCA

+ Experience reviewing architecture design documents for security input

+ Must have experience with agile methodologies

+ Perform manual and automated security penetration testing of web applications, APIs, and systems

+ Provide vulnerability prioritization and guidance on remediation

+ Define procedures for vulnerability scanning and penetration testing and mitigating issues found from this testing.


+ BS in Computer Science or related field; MS in Computer Science or related field, with information security specialization, preferred

+ 5-8+ years of technical experience in application security

+ 4+ years of manual penetration testing experience

+ 4+ years of automated vulnerability scanning testing

+ Ability to interpret dynamic/static analysis tools, and penetration test results

+ Strong experience in identifying and remediating Java applications

+ Strong experience in identifying and remediating cloud-based applications

+ Knowledge of application security aspects of industrial control networks is a plus

+ Experience working with security regulatory requirements and standards (such as NIST 800 series, ISO 2700x series, GLBA, FFIEC)

+ Firm grasp of concepts and technology across all technology areas to be able to spot gaps and develop appropriate controls.

+ Strong foundation and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls.

+ Strong experience and in-depth knowledge of security standards and best practices (OWASP, SANS 25, etc.) as they relate to cloud, web, and mobile applications.

+ Strong experience and in-depth knowledge of STIG (Security Technical Implementation Guide) standards and implementation

+ Ability to read and write one or more common programming languages such as Java, JavaScript, C/C++, Python, including 2+ years of hands-on programming or script writing including 3+ years of working with cloud applications

+ Strong knowledge of core information security principles and concepts (including TLS, secure HTTP and MQTT, OAuth/OAuth2) including virtualization technologies

+ Experience with (network) security tools such as Snort, Nessus, Metasploit, Burp Suite, Nexpose, Veracode, Qualys and Core Impact

+ Hands-on experience securing cloud applications in GCP, AWS, and Azure cloud environments

+ Strong knowledge in security architecture, system, and network security

+ Security certification CISSP, OSCP, CEH, or equivalent. Certifications related to cloud development/security are highly desirable.

If you are qualified and interested, please forward your email to or call directly 831-229-5330.

**You should know:** Your safety matters! Vaccination against COVID-19 may be a requirement for this job in compliance with current client and governmental policies. A Kelly recruiter will confirm and share more details with you during the interview process.

**Why Kelly?**

By partnering with Kelly Technology, you'll have direct connections to top companies around the globe, giving you the chance to put your tech skills to work on some of today's most intriguing, innovative, and high-visibility projects. In a world where change is the only constant, our unparalleled connections and IT market expertise help you take your skills exactly where you want to go. We're here to help you gain experience, keep learning, and move your career forward.

**About Kelly**

At Kelly, we're always thinking about what's next and advising job seekers on new ways of working to reach their full potential. In fact, we're a leading advocate for temporary/nontraditional workstyles, because we believe they allow flexibility and tremendous growth opportunities that enable a better way to work and live (plus, did we mention we provide a ton of benefits?). Connecting great people with great companies is what we do best, and our employment opportunities span a wide variety of workstyles, skill levels, and industries around the world.

Kelly is an equal opportunity employer committed to employing a diverse workforce and providing accommodations for people with disabilities in all parts of the hiring process as required under its Employment Accommodation Policy. Kelly will work with applicants to meet accommodation needs that are made known to Kelly in advance.
Posted: 2022-05-23 Expires: 2022-07-23
