Application Security Engineer

Job Title: Application Security Engineer
Job Code: R44037
Job Series: Application Security Engineer
FLSA Status: Exempt
OCC Group: Professional Services (PS)

General Statement Of Duties

Assists the Information Security Manager (ISM) with the implementation of security policies, procedures and standards. This position works in close partnership with application development and operations teams. Work involves integrating security into the Agile process for application development. Investigates and understands projects and technologies and gives security guidance to ensure that controls are properly implemented.

Distinguishing Factors

This position is distinguished from other information technology positions by the responsibility of providing technical leadership of security initiatives. Position is within the Information Technology Services (ITS) division with a focus on information security. Employees in this position report to the Information Security Manager.

Essential Functions Of the Position

Assists in the implementation of new technologies ensuring secure code and application configurations.

Responsible for full knowledge of the Colorado Judicial Department's goals as established by its cyber security plan, stated policies, procedures and standards and actively works towards upholding those goals.

Assists in performing, monitoring, and maintaining relevant security systems and provides support and troubleshooting for those systems when required.

Responsible for performing software architecture security analysis, web application penetration testing, and application reverse engineering.

Responsible for performing application vulnerability assessments and working with technology stakeholders to remediate findings.

Responsible for performing security code review across a variety of programming languages.

Responsible for development, documentation and implementation of application security procedures.

Responsible for operation, support, configuration and maintenance of security tools required for application testing.

Responsible for security evaluation and review of all new application technologies, including cloud solutions.

Collaborates with internal stakeholders on addressing application security issues.

Adheres to established change control procedures and assists the development team during the application testing and deployment process.

Executes security incident response process as needed.

Provides Tier 1, 2 and 3 support for relevant information security-related systems, supporting application development and business analysts in troubleshooting production issues.

Develops and maintains good working relationships with all Department employees and vendors.

Acts as a resource to internal ITS staff, judicial districts, other state agencies, and/or other organizational units as directed.

Travel throughout the state of Colorado is required at times, not to exceed 10% of the time.

Shares on-call support for all in-place security solutions.

Attends meetings and training as required.

Performs other duties as assigned.

Supervisor Responsibilities

Responsible for one's own work product and provides guidance, assistance, or mentorship to less knowledgeable or experienced coworkers, volunteers, or interns. This may include scheduling of work, instructing in work methods, and reviewing work products. May provide input into hiring, performance evaluation, and discipline/termination processes.

Minimum Education

Graduation from an accredited college or university with a bachelor's degree in computer science or related field and five years of related work experience preferred. CISSP and CSSLP are preferred.

OR

Additional relevant experience may substitute for the required education on a year-for-year basis as follows: graduation from high school or equivalent and four years working in computer-related areas; one year of direct security-related experience is preferred. CISSP and CSSLP are preferred.

PREFERRED KNOWLEDGE and EXPERIENCE

Key Qualifications

- Java
- JavaScript and JavaScript frameworks such as jQuery
- CSS
- HTML
- SQL, Relational Databases
- Object oriented analysis and design
- Subversion or Git
- Excellent verbal and written communication skills
- Schedule driven

Preferred Qualifications

- JBoss Application Server
- SpringMVC or similar framework
- Eclipse/IntelliJ IDE
- Maven
- AJAX
- PDF Tools
- XML
- XSD, XHTML
- Java Messaging Frameworks
- Web Services
- JSON
- DB2, MySQL
- Python
- TestNG Experience
- Continuous Integration Methodologies and Tools
- Experience utilizing Agile delivery methods

Physical Demands

While performing the duties of this job, the employee is regularly required to talk and hear. The employee is frequently required to sit and reach with hands and arms and perform repetitive motions with wrists, hands, and fingers. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds or more. Specific vision abilities required by this position include close vision, color vision, depth perception, ability to adjust and focus, and the ability to see clearly at 20 feet or more.

Work Environment

While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts, work in high, precarious places and the risk of electrical shock. Frequently handles emergency or crisis situations and may be subject to varying and unpredictable situations and work hours. The employee is subject to frequent interruptions, multiple calls and inquiries, and may occasionally handle absentee replacement on short notice. The noise level in the work environment is usually moderate.