SECURITY ENGINEER - WEB APPLICATION

We are seeking a skilled and motivated Web Application Security Engineer to join our team. As a Web Application Security Engineer, your primary focus will be on managing, monitoring, and responding to security alerts generated by the security tools, while also possessing a solid understanding of various aspects of web application security. You will work closely with development teams to ensure the continuous effectiveness of security measures, identify vulnerabilities, and implement appropriate controls. The ideal candidate will have a strong technical background, a good understanding of web application security principles, and the ability to excel in managing, monitoring, and responding to security alerts.

• Assist in determining needs and implementing configurations of various tools based on incoming requests.
• Assist in the testing and validation of security controls to ensure their effectiveness and compliance with industry standards.
• Manage, monitor, and respond to security alerts generated by the security tools specific to our web application environment.
• Investigate and triage security alerts, taking appropriate actions and escalations as necessary.
• Assist in security assessments and penetration testing to identify potential vulnerabilities and recommend suitable solutions.
• Monitor security logs, alerts, and events to proactively identify potential security incidents.
• Create and maintain metrics to track the performance and efficacy of security tools, programs, and controls.
• Contribute to compliance efforts by ensuring adherence to relevant security standards, regulations, and policies.
• Stay updated with the latest web application security trends, emerging threats, and industry best practices to enhance security measures.

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 3-5 years of relevant experience in web application security, with proficiency in programming languages (HTML, CSS, JavaScript, ASP.NET, PHP, Java, etc.).
• At least one industry standard certification such as Certified Ethical Hacker (CEH), GIAC Certified Web Application Defender (GWEB), Certified Information Systems Security Professional (CISSP), Certified Application Security Engineer (CASE) or other security vendor certification.
• Understanding of web application security fundamentals, secure coding practices, and common vulnerabilities (such as SQL injections, cross-site scripting).
• Demonstrated experience in managing, monitoring, and responding to security alerts generated by security tools and programs specific to web application security.
• Experience with managing and maintaining Content Delivery Networks (CDNs) and their configurations, preferably Cloudflare.
• Familiarity with security testing and assessment tools (such as Burp Suite, OWASP ZAP, Nikto, Nessus, Nmap) and their application in vulnerability identification and mitigation.
• Knowledge of secure software development lifecycle (SDLC) methodologies and ability to apply security principles throughout the development process.
• Familiarity with security standards and frameworks (OWASP, NIST, PCI DSS, ISO 27001) and their practical application in securing web applications.
• Excellent communication and collaboration skills with the ability to work effectively with technical and nontechnical stakeholders.
• Strong analytical mindset and problem-solving abilities to identify and address security risks and vulnerabilities.
• Self-motivated with a passion for continuous learning and professional development in the field of web application security.

Native American Preference Policy:

The Tribal Council gives preference in all of its employment practices to Native Americans. First preference in hiring, training, promoting and in all other aspects of employment is given to members of the Seminole Tribe who meet the job requirements. Second preference is given to members of other federally recognized Native American Tribes who meet the job requirements.