Join Triumph!
At Triumph, our vision is a world where freight transactions are accurate and seamless on the most modern and secure freight transaction network. That’s why we’re looking for passionate, innovative, solutions-oriented people to join our team. We thrive on providing exceptional customer service and we look for team members with an entrepreneurial spirit and a passion to build successful partnerships with our clients. Because at the end of the day our goal is to help our partners’ businesses run better.
Position Summary:
The successful candidate can comprehend all aspects of Cybersecurity and apply technical application security testing expertise to assist in identifying application vulnerabilities. As a Senior Application Security Engineer your responsibilities will include application security assessments, code reviews, penetration testing, and vulnerability management. The Senior Application Security Engineer is a technical role and serves as subject matter expert in product security architecture, security testing, secure design review and security engineering.
ESSENTIAL DUTIES & RESPONSIBILITIES
Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments.
Implement various types of scanning (SAST, DAST, SCA, etc.) into the CI/CD pipelines and ensure results are appropriately surfaced to developers.
Develop security related libraries used in the environment.
Collaborate with developers and conduct regular security assessments.
Develop security integrations to be used in CI/CD pipeline and for development teams.
Work with development teams to ensure that application security risks are identified and remediated in a timely manner while maintaining a balance between security & usability.
Consult and train developers on secure coding practices and ensure development teams are validating for OWASP.
Triage vulnerabilities from dynamic and static scanning tools with development teams.
Perform web application penetration testing.
Implement security strategies to mature the OWASP software assurance maturity model.
Manage and tune web application firewalls.
Design and implement technologies to automate security processes.
Consult on secure architecture, least-privilege design, threat mitigations, and security standard methodologies.
Other duties as assigned.
EDUCATION & QUALIFICATIONS
Bachelor’s Degree in Computer Science or related field is preferred.
6 to 8 years of experience in application security, application development and DevSecOps.
OSWE, GWAPT or similar certification is preferred.
Communicate and present security concepts to technical and non-technical audiences.
Knowledge of SOX and SOC2 compliance is a plus.
Knowledge of AWS and Kubernetes or related cloud / container technologies is preferred.
Experience with identity lifecycle management and federation technologies such as SAML.
Knowledge of Docker, Kubernetes, Jenkins and GitHub.
Extensive knowledge of the OWASP Top 10.
SKILLS & ABILITIES REQUIRED
Ability to function with moderate supervision.
Strong interpersonal skills.
Quality written and oral communication, and presentation skills.
Critical thinking and problem-solving skills.
Attention to detail.
Commitment to operational excellence and continuous process improvement.
Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.
Compensation Range
Annual Salary: $151,038.00 - $234,109.00
Location: Dallas, TX or Remote U.S. excluding the following states: AK, DE, ID, ND, RI, VT, WY
We offer Medical, Dental, Vision, Paid Time Off, 401k and much more.