Job Title: Application Security Engineer (Part-Time Contractor)
Location: Remote (United States)
Compensation: $110 - $140 per hour
Time Commitment: 15-20 hours per week for 3 months
Job Overview:
We are seeking an experienced Application Security Engineer to join our team and support our client's security initiatives. This role is critical in ensuring the security and integrity of their applications and services.
This is a part-time contractor position requiring a commitment of 15-20 hours per month for an initial period of 3 months, with the possibility of transitioning to a full-time role. We are looking for candidates who are available immediately, based in the United States, and able to work as 1099 contractors.
Key Responsibilities:
Security Vulnerability Management:
- Triage and Validation:
  - Identify, triage, and validate security vulnerabilities, filtering out false positives.
- Prioritization and Ticketing:
  - Assign priority levels based on the client's procedures.
  - Create detailed Jira tickets with comprehensive remediation instructions.
- Collaboration:
  - Work closely with developers to clarify vulnerabilities and provide effective remediation recommendations.
  - Validate updates to ensure vulnerabilities are adequately addressed.
- Risk Alignment:
  - Align vulnerability management ratings with business risk priorities (e.g., availability, community trust).
  - Propose definitions if business risk priorities are not already established.
- Process Review:
  - Evaluate the client's vulnerability management processes, focusing on prioritization against other developer tasks.
  - Identify mechanisms to increase prioritization for specific classes of vulnerabilities.
Developer Support:
- Education and Training:
  - Assist in educating developers on security issues and best practices.
  - Conduct security training sessions and workshops to enhance secure coding practices.
- Tool Evaluation:
  - Participate in evaluating security tools in collaboration with Security Leads and business stakeholders.
Vulnerability Reporting:
- Management of Reporting Sources:
  - Oversee the client's vulnerability reporting platforms, including:
    - Bug Bounty Programs
    - GitHub Advanced Security (CVE, code vulnerabilities, and secrets scans)
    - Wiz for live CVE monitoring
    - Emails from external security researchers
    - Additional CVE, product, and code vulnerability sources as applicable.
- Bug Bounty Program Management:
  - Manage and review bug bounty reports.
  - Prioritize findings and communicate effectively with the development team.
  - Collaborate with internal teams and bug bounty platforms to refine program policies and improve report quality.
Analysis & Deliverables:
- Gap Analysis and Assessment:
  - Deliver a brief gap analysis and assessment of the Product Security program.
  - Include tool recommendations and identify high-impact improvement opportunities.
- Metrics and Reporting:
  - Recommend and implement tools for key metrics reporting.
  - Create reporting structures to track vulnerabilities and time-to-remediation.
- Leadership Engagement:
  - Participate in meetings with leadership to provide program development and alignment support.
Qualifications:
- Education:
  - Bachelor's degree in Computer Science, Information Security, or a related field preferred, or industry certifications.
- Technical Experience:
  - Minimum of 5 years of experience in application security engineering.
  - Proven experience with AWS security practices. GCP experience is desirable, but not required.
  - Proficiency with security tools such as CSPM, SAST, DAST, and vulnerability management tools.
  - Experience managing vulnerability reporting platforms like bug bounty programs and GitHub Advanced Security.
  - Strong understanding of CVEs, Software Composition Analysis (SCA), and vulnerability management processes.
  - Experience with Jira for ticketing and project management.
  - Familiarity with software development practices and secure coding principles.
- Leadership and Communication:
  - Demonstrated leadership abilities with the capacity to influence and guide cross-functional teams.
  - Excellent communication skills, both written and verbal.
  - Ability to explain complex security issues to developers and non-technical stakeholders.
- Developer Experience:
  - Background in software development is highly desirable.
  - Ability to collaborate effectively with development teams to implement security best practices.
Why Join RevolutionCyber:
- Immediate Impact:
  - Be available to start immediately and make a significant impact on high-profile projects.
- Flexible Engagement:
  - Opportunity to work remotely as a 1099 contractor with the possibility of transitioning to a full-time role.
- Excellence and Integrity:
  - Join a team that strives for excellence and operates with integrity on sensitive projects.
- Professional Growth:
  - Engage in challenging work that enhances your skills and contributes to your professional development.
Additional Requirements:
- Background Check:
  - Must be willing to undergo a background check due to the sensitive nature of our projects.
- Eligibility:
  - Must be based in the United States.
  - Available to commit to a 3-month contract with the potential for contract-to-hire.
How to Apply:
Please submit your resume here detailing your relevant experience and how you can contribute to security initiatives.
Equal Opportunity Employer:
Client is an equal opportunity employer and values diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
About RevolutionCyber:
RevolutionCyber is a leading cyber security consultancy specializing in providing top-tier security solutions to clients across various industries. Our team of experts is dedicated to protecting sensitive information and ensuring the integrity of our clients' digital assets. We pride ourselves on delivering excellence and innovative security strategies tailored to meet the unique needs of each client.
At RevolutionCyber, we are committed to delivering solutions while maintaining the highest standards of professionalism and integrity. Our consultants are experts in their fields, working on sensitive projects that require discretion and a dedication to excellence. We believe in fostering a collaborative environment where innovation thrives, and every team member's contribution is valued.