Application Security Engineer

MotionPoint Corporation is committed to achieving the optimal level of security and privacy protection for our and our customers’ information assets while providing a safe and secure computing environment in which to conduct our daily business actives. The Application Security Engineer is responsible for implementing and executing world-class security solutions and processes to maintain a secure operating environment. This individual will work with our vendors and our Technology team to design, implement, and configure automated security and monitoring controls. Empowering a strong security conscious DevSecOps culture, the Application Security Engineer will help maintain the security posture of MotionPoint’s products and infrastructure by continuous monitoring and generating reports on threats and vulnerability. This will require an understanding of business needs with a focus on risk-based implementation of security controls such as WAF, SAST, DAST within CI/CD.

Primary Responsibilities

• Define and operationalize security standards, policies, and procedures.
• Automation of vulnerability assessments and other security related SecOps tasks.
• Drive systematic vulnerability scans across all products and report major vulnerabilities to development and follow up on resolutions.
• Identify new security threats by conducting continual monitoring, web application penetration testing, vulnerability assessments and log and event analysis.
• Create and maintain weekly/monthly reports to ensure compliance with PCI DSS and HITRUST.
• Stay current on emerging security threats, vulnerabilities, and recommended controls.
• Serves as the subject matter expert (SME) on Application Security.
• Collaborate closely within the Development team and cross-functional groups within MotionPoint.

Requirements

• Bachelors degree in Computer Science, Software Engineering, or other Technology related field with minor in Computer Science;
• Five (5) years technology or information security related experience;
• Hands on experience of working with various security tools like Veracode, Alert Logic, Rapid7 and various industry standard intrusion detection tools/services like GuardDuty.
• Experience in performing web application penetration testing, application security scans or working with third-party vendors providing these services.
• Strong experience in web application security (e.g., XSS, CSRF, SQL injection, etc).
• Strong development background with security mindset, preferably in Java, Javascript, React, Node.js, Python, Angular
• Experience with identifying and exploiting the unique security risks of cloud computing platforms including AWS and Azure.
• In-dept understanding of SAST, DAST, IAST methods.
• Excellent written and verbal communication skills targeting a broad range of audiences from engineers to senior leadership.

Skills And Competencies

• Maintains strong problem solving and creative skills, able to act decisively in making solid, informed judgment calls in response to both the technological and critical regulatory environment and the day-to-day business issues;
• Ability to articulate security risks and vulnerabilities.
• Ability to set priorities and balance likelihood and business impact against cost of remediation and competing business interests;
• Possesses effective communication and presentation skills to articulate policies, procedures and plans to senior level management;
• Possess a competency in project management methodology; and
• Every team member exhitbits MotionPoint’s core values:
  • Integrity
  • Teamwork
  • Balance
  • Continuous Improvement
  • Effort
  • Innovation