Application Security Engineer role at CData in Chapel Hill

CData in Chapel Hill is hiring an Application Security Engineer


This job might already be filled.

In the age of digital transformation, data has become increasingly vital to core business operations. But with so many cloud applications and platforms available today, data has become more decentralized than ever.

CData is the real-time data connectivity company. Our easy-to-use integration products allow users to work with their data where, when, and how they need it. With a robust library of real-time data connectors, users can access data from hundreds of applications, tools, and systems – on-premises or in the cloud.

CData is headquartered in Chapel Hill, NC, with about 350 team members worldwide. More than 10,000 organizations rely on CData technologies to overcome data fragmentation challenges and unlock value from diverse, dispersed data assets.

Application Security Engineer

The Application Security Engineer is responsible for leading department-wide focus on the strategy, development, implementation, and maintenance of the application security program across research, development, quality assurance, support, and IT systems. This is a hands-on position that requires a great deal of general security experience, as well as application development experience and secure coding knowledge.

Location(s): North Carolina Research Triangle preferred, or Remote (if we find someone in India, that may work too)

Day-to-Day Responsibilities:

Responsibilities include but are not limited to:

  • Manage threat detection & SIEM platforms.
  • Advise in, and participate in, the design of secure products and architectures.
  • Perform architecture security reviews, security focused code reviews, and security testing.
  • Create or approve documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, product deployment, and code review methodologies.
  • Evaluate potential security related issues and make recommendations on third party tools and components.
  • Mentor more junior engineers by leading and influencing technical decisions, processes, and best practices with an expert ability to explain technical concepts in written and verbal forms.
  • Work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary, and verification of threat models, risk, and security posture.
  • Monitor software usage and perform forensics to verify that the software and infrastructure is performing to the required security standards.
  • Perform constant monitoring and awareness of key developments in the area of systems, web application, and client application security in order to provide direction of security trends and anticipate emerging standards and best practices.
  • Attend all meetings necessary for the seamless delivery of the product as part of the Software Development Life Cycle for both On-prem and SaaS.
  • Engage with customers as needed for deep dives into CData SDLC controls.
  • Manage and conduct penetration testing and security code reviews.
  • Lead hands-on trainings for engineering teams following OWASP top risks.
  • Participate in public security projects and/or volunteer time and knowledge to improve the broader security community, representing the company's mission and goals, as well as promoting cooperation and knowledge sharing.

Qualifications:

  • 8+ years of increasing responsibility and complexity in terms of any applicable professional experience.
  • Bachelor's Degree or global equivalent in related discipline.
  • Typically holds 2 or more industry certifications; CISSP preferred.
  • Actively engages using a unique, wide range of professional skills, with an expert understanding of industry practices and compliance – SOC2, ISO, NIST.
  • Excellent planning / organizational skills and techniques.
  • Excellent analysis and problem-solving skills.
  • Excellent writing, presentation, and communication skills.
  • Excellent negotiating skills.
  • Excellent knowledge of secure application programming, coding life cycles and designs.
  • Excellent understanding of security principles, best-practice architectures, tools, and processes.
  • Advanced knowledge of multiple current operating systems, network architecture, and hosting environments (Azure, AWS).
  • Excellent knowledge of authentication protocols and encryption.
  • Advanced knowledge of data storage formats, tools and languages.
  • Advanced knowledge in supply chain / build release risks.
  • Advanced knowledge in Application Penetration testing tools and processes.
  • Advanced knowledge of technical stacks: React, .NET, Java, APIs, and SQL Server DB.

Travel Required: 10%

Benefits

  • 11 Paid Holidays
  • 20 Days of PTO
  • Employer-paid Medical, Dental, and Vision plans (100% for employee, 50% for dependents)
  • HSA with Company Contribution
  • Employee Assistance Program
  • 401k with 6% Immediately Vested Company Match
  • Professional development opportunities

_CData is not currently registered as an employer in the following states, and therefore, applicants from these states will not be considered:_ Alaska, Arkansas, California, Colorado, Connecticut, Delaware, Hawaii, Idaho, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Mississippi, North Dakota, Nebraska, New Hampshire, New Mexico, Nevada, Oklahoma, Oregon, Rhode Island, Vermont, West Virginia, and Wyoming.

CData Software is an equal opportunity employer and is committed to providing equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity, genetic information, or any other characteristic protected by applicable federal, state, or local laws.