Security Engineer
Full Time
About The Role:
As Security Engineer of Applications, you will work very closely with the Chief Information Security Officer (CISO) to provide security expertise and management on Kepler’s various applications, programs, and projects. This role reports into the CISO and will be responsible for ensuring IT management has the information required to understand application security status and determine how different security decisions impact the bottom line.
Responsibilities:
- Perform vulnerability scans (SAST and DAST) and internal penetration testing, review output, perform analysis of results and remediation.
- Working closely with developers to help improve the security of products and services, as well as designing technical solutions to address security weaknesses, and working with relevant stakeholders to implement them.
- Perform security-focused code reviews.
- Developing and maintaining software application security policies and procedures.
- Providing technical leadership, guidance, and direction to the application security team.
- Developing and maintaining documentation of application security controls.
- Implementing software application security controls.
- Build and conduct secure coding training for stakeholders.
- Maintain professional relationships with internal and external stakeholders, participate in team meetings, and work closely with technical and non-technical teams.
- Identify and mitigate security business and system risks if different from risks managed at the project level.
- Evaluate the internal and external environment for threats and changes related to application security, and act as the Information Security subject matter expert (SME) to ensure they are properly addressed and controlled.
- Conduct analysis and provide security design requirements for existing or new systems and infrastructure, data, software, and facilities.
- Act as technical contributor to all things related to application security.
- Help Kepler evolve its application security functions and services.
- Support Kepler’s security awareness program.
Candidate Requirements:
- 8+ years of progressive experience as an Information Security Professional with a BA/BSc. (or higher) degree in Information Security or a related technical field.
- Completion of one or more certifications such as but not limited to CISSP, CISA, CISM, CEH, CCSP, GIAC, ITIL, etc.
- Experience working in agile environments and with Continuous Delivery / Continuous Integration (CI/CD).
- Extensive knowledge of CWE Top 25 and/or OWASP Top 10.
- Experience with common application security tools (e.g., static analysis tools, proxying / penetration testing tools).
- Experience with C++ and Python for the purpose of code review.
- Work collaboratively with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks.
- Knowledge of security standards and regulations such as NIST CSF, ISO 27001/2, FISMA, etc.
- Advanced knowledge in securing container and microservices technologies (Kubernetes).
- Knowledge of typical behaviors of malware and malware authors.
- Excellent communication and interpersonal skills with the ability to clearly identify and articulate issues.