Application Security Engineer

Description

The Application Security Engineer performs security audits and testing throughout the development lifecycle and integrates security best practices with development teams. This role involves triaging and demonstrating the impact of security vulnerabilities, maintaining security scanning tools, and serving as the technical escalation point for complex security issues. The position requires providing guidance on secure coding practices, vulnerability remediation, and vulnerability severity while educating development teams on emerging threats and defensive programming techniques to foster a security-aware development culture.

Responsibilities

• Test all Tyler products for OWASP Top Ten vulnerabilities using both automated and manual testing.
• Produce application security assessment reports with clear reproduction steps, impact, and actionable recommendations.
• Maintain a vulnerability tracking platform for all Tyler products.
• Point of escalation for validating vulnerabilities received via vulnerability disclosures, incident response and high impact zero days affecting Tyler Technologies.
• Execute project plans and maintain the scope, schedule, and each party’s responsibilities.
• Catalog and maintain a list of all Tyler products and which technologies each are utilizing.
• Conduct planning sessions with key development leaders to identifying security gaps in the current software development life-cycle.
• Consult for development groups and recommend mitigation techniques for known and upcoming application and system vulnerabilities.
• Assist divisions with implementing regular automated and manual testing as a part of their software development life-cycle.
• Educate Tyler employees on offensive security topics.
• Provide industry standard recommendations and nuanced recommendations to development teams.
• Research, develop and maintain tools to detect and validate application security vulnerabilities at scale.
• Perform network segmentation tests for PCI compliant environments.
• Execute projects to increase Tyler’s overall security posture.
  
  

• Bachelor’s degree in information technology, computer science, information assurance, or related field, or comparable work experience.
• Understanding of the following security concepts:
• Application vulnerability assessments
• Common application and operation system weaknesses
• Penetration testing methodologies
• Perimeter security (firewalls, intrusion detection, etc.)
• Regulatory compliance standards: PCI-DSS, SOX, HIPAA
• AWS Cloud Managed Services
• Strong verbal, written communication, and interpersonal skills.
• 2+ years with confirmed ability in Application Security, Cybersecurity, or web application frameworks.
• Currently hold or able to obtain offensive security certification(s) shortly upon hire (e.g., GWAPT, OSCP, CBBH, CPTS, GPEN, OSWA, GCPN, PWPA)
• Ability to prioritize and complete multiple tasks in a fast paced, technical environment.
• Demonstrated ability to maintain a positive, professional attitude.
• Experience with the following security testing tools (or similar): BurpSuite, Kali Linux, SQLMap, Metasploit, and Nmap.
• Experience with at least one of the following languages:
• C#
• Java
• PHP
• TSQL
• Experience with at least one of the following scripting languages:
• Python
• PowerShell
• Bash
• Ability to weigh business needs against security concerns.
• Ability to recognize vulnerabilities in source code analysis.
• Strong negotiation, conflict resolution, and persuasion skills.