Job Description

Security Application Engineer

Vulnerability Management Engineer I - Cybersecurity

Who we are:

Born digital, UST transforms lives through the power of technology. We walk alongside our clients and partners, embedding innovation and agility into everything they do. We help them create transformative experiences and human-centered solutions for a better world.

UST is a mission-driven group of over 29,000+ practical problem solvers and creative thinkers in over 30+ countries. Our entrepreneurial teams are empowered to innovate, act nimbly, and create a lasting and sustainable impact for our clients, their customers, and the communities in which we live.

With us, you'll create a boundless impact that transforms your career-and the lives of people across the world.

Visit us at UST.com.

You Are:

UST is seeking a highly skilled and motivated Application Engineer to join our team. Our company values collaboration, creativity, and excellence in delivering cutting-edge solutions to our customers. As an Application Engineer embedded within our Agile development teams, you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. While working closely with cross-functional Agile teams, you will report directly to the Information Security Application Security Team to act as a liaison and subject matter expert aligning efforts across the broader security strategy.

The Opportunity:

• Partner with enterprise and solutions architects, software engineers, product owners, DBAs, and QA engineers to ensure adequate security is in place throughout the SDLC.
• Collaborate with Agile teams throughout the software development lifecycle to integrate security requirements, perform risk assessments, and address security issues.
• Provide guidance and support to Agile teams on secure coding principles, security frameworks, and OWASP Top 10 vulnerabilities.
• Conduct threat modeling exercises with Agile teams to identify potential security threats and recommend appropriate mitigation strategies.
• Plan, coordinate, and execute security testing activities, including penetration testing, vulnerability scanning, and security assessments. (Experience with Dynamic Application Testing)
• Assist in incident response activities related to application security incidents and contribute to post-incident reviews to improve security measures.
• Promote security awareness within Agile teams by organizing workshops, and training sessions, and providing timely security updates.
• Maintain accurate and up-to-date security documentation, including security guidelines, standards, and procedures, to ensure compliance with industry regulations.
• Continuously monitor and assess the security posture of applications, propose enhancements, and drive the implementation of security improvements.
• Identify and communicate potential security risks and vulnerabilities to the Information Security Application Security Team, helping in the formulation of risk management strategies.
• Foster a collaborative and productive working relationship with Agile teams, sharing knowledge and best practices to improve overall security awareness and practices.
• Evaluate and recommend security tools, solutions, and technologies that align with the organization's security goals.

This position description identifies the responsibilities and tasks typically associated with the performance of the position. Other relevant essential functions may be required.

What you need:

• 1+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of application security.
• Knowledge of web application (SaaS) design best practices and secure software development.
• Familiarity with relevant security standards, regulations, and frameworks (e.g., OWASP, NIST, ISO 27001).
• Experience with SOAP and REST APIs.
• 1+ years of experience completing application security testing engagements and reports.
• Solid knowledge of common web application security vulnerabilities, secure coding principles, and secure development frameworks.
• Demonstrated ability to work collaboratively within a team and across departments to achieve common security goals.
• Strong problem-solving skills and the ability to think critically under pressure.
• Self-motivated, proactive, and able to work independently with minimal supervision.
• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CSSLP) are a plus.
• Experience with security testing tools and techniques (e.g., SAST, DAST, IAST) to identify and remediate security issues.
• Strong understanding of Agile software development methodologies and experience working closely with Agile development teams.
• Strong knowledge of .NET 4.0+ and Core, MVC 4/5, and Entity Framework.
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.
• Knowledge of DevSecOps practices and experience with CI/CD pipelines is desirable.

What we believe:

We're proud to embrace the same values that have shaped UST since the beginning. Since day one, we've been building enduring relationships and a culture of integrity. And today, it's those same values that are inspiring us to encourage innovation from everyone to champion diversity and inclusion, and to place people at the center of everything we do.

Humility:

We will listen, learn, be empathetic and help selflessly in our interactions with everyone.

Humanity:

Through business, we will better the lives of those less fortunate than ourselves.

Integrity:

We honor our commitments and act with responsibility in all our relationships.

Equal Employment Opportunity Statement

UST is an Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

UST reserves the right to periodically redefine your roles and responsibilities based on the requirements of the organization and/or your performance.