Glocomms is partnered with a leading international law firm looking for an experienced individual with subject matter expertise in Application Security Engineering. This is a senior position that will collaborate with diverse stakeholders to fortify the firm's systems against threats.
Focus Areas Include:
Security Architecture and Design Reviews:
- Conduct in-depth security assessments of applications and services.
- Evaluate security controls, ensuring alignment with industry best practices.
Integration of Security Tasks:
- Infuse security considerations into various stages of system development (planning, design, implementation, operations, maintenance, and disposal).
Security Controls Implementation:
- Collaborate closely with engineering teams to develop, implement, and monitor security controls that shield applications, services, and sensitive data.
Vendor Solution Validation:
- Scrutinize technical solutions proposed by vendors.
- Verify their effectiveness and adherence to security standards.
Innovative Solutions and Automation:
- Engineer technical solutions that address vulnerabilities.
- Develop security tools to automate detection and mitigation tasks.
Policy Enhancement:
- Identify gaps in existing policies and propose necessary updates.
- Craft new policies to enhance our security posture.
Comprehensive Reporting:
- Generate detailed reports based on thorough assessments.
- Provide actionable findings and enhancement recommendations.
Threat Modeling:
- Create threat models for enterprise applications.
- Map attack vectors and potential threats.
Collaboration and Mitigation:
- Engage with engineers, consultants, and leadership to mitigate security risks within the Software Development Life Cycle (SDLC).
Self-Testing and Continuous Monitoring:
- Guide self-assessment processes, assess security controls, and prepare remediation plans.
- Maintain vigilant monitoring to protect our digital assets.
Key Qualifications:
- 10+ years experience in security engineering and/or architecture. Application design experience preferred.
- B.S. in Computer Science or related technical discipline.
- Thorough understanding of application security and cloud security engineering best practices.
- Hands-on experience in related systems security focus areas ie. vulnerability management, IAM, secure development, quality assurance testing.
- Strong program management skills and the ability to advocate for security priorities to both technical and nontechnical stakeholders.
Preference will be given to candidates located in one of the firm's major U.S. hubs (NYC, DC, Chicago). Unfortunately visa sponsorship is not available at this time.
This is a full-time, direct-hire position; candidates seeking C2C/C2H employment will not be considered.