Apply for this job now

Principal Application Security Engineer (Remote - US)

Location
Louisville, Kentucky
Job Type
Permanent
Posted
1 Aug 2022
Principal Application Security Engineer (Remote - US)

Job ID

67896

Posted

31-May-2022

Service line

Corporate Segment

Role type

Full-time

Areas of Interest

Digital & Technology/Information Technology

Location(s)

Remote - US - Remote - US - United States of America

Job Summary

The mission of the individual in this role is to leverage their strong understanding of enterprise-level knowledge and/or expert knowledge to mitigate cyber security risk through the protection of container and Function as a Service workload. They will actively work with the CBRE business, Digital & Technology, and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection/monitoring capabilities globally. Leads and executes complex initiatives that drive problem resolution. As a senior member of the team, this individual will work with progressive development teams with a mindset toward being agile and solving problems iteratively.

Experience in all skills listed is not necessary to be qualified for the position. If you have a relevant similar experience, we still want to talk to you.

Essential Duties and Responsibilities

Be a broker of security, being able to sell the benefits of security, while being mindful of the needs of development teams all over the world

Understand the concepts of assessing risk, rather than just saying No. Be able to find a way to make development teams successful, while still ensuring secure practices

Configuring, and administrating technologies for our product teams including SAST, DAST, OSA, secrets management, etc...

Help software development teams to understand, and remediate security findings

Construct threat models with development teams

Participate in development team sprint planning to raise awareness of security concerns

Work with development teams throughout the entire SDLC to ensure code is secure by design, and all the way through production deployment.

Help identify and educate Security Champions within development groups

Assist in the development of internal security policies, procedures, and guidelines

Be able to quickly come up to speed on new and emerging technologies/cloud services, and understand how to establish at least a baseline of security for them

Have well-founded opinions and be willing to express your disagreement when something doesn't pass the smell test for you.

Other duties as assigned

Supervisory Responsibilities

Shape the direction of the program team moving forward. May provide formal supervision to individual employees within single functional or operational area. Recommends staff recruitment, selection, corrective action and termination. Prepares and delivers performance appraisals for staff. Mentors and coaches team members to further develop competencies. Leads by example and models behaviors that are consistent with the company's values.

Education and Experience

Advanced understanding of DevOps practices, and CICD pipelines

Advanced understanding of application security testing tools for SAST, DAST, OSA, etc.

Advanced experience with either AWS or Azure

Strong experience with containers and orchestration platforms (Kubernetes, Mesos, etc.)

Strong experience with Kubernetes as well as managed deployments such as EKS and AKS

Strong experience integrating application security into Agile teams

Strong experience in threat modeling

Intermediate knowledge of Infrastructure as Code (Terraform, Ansible, etc.)

Bachelor's degree (BA/BS) in a related field of work

o or equivalent combination of education and experience (equivalent work experience = 2 years of related experience for every year of higher-level education).

Other Skills and/or Abilities

Experience with GCP or AliCloud

Understanding of modern software development practices

Communication Skills

Ability to comprehend, analyze, and interpret the most complex business documents. Ability to respond effectively to the most sensitive issues. Ability to write reports, manuals, speeches and articles using a distinctive style. Ability to make effective and persuasive presentations on complex topics to employees, clients, top management and/or public groups. Ability to motivate and negotiate effectively with key employees, and management to take desired action.

Reasoning Ability

Ability to solve advanced problems and deal with a variety of options in complex situations. Requires expert level analytical and quantitative skills with proven experience in developing strategic solutions for a growing matrix-based multi-industry sales environment. Draws upon the analysis of others and makes recommendations that have a direct impact on the company.

CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.

NOTE: An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.

CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)

Apply for this job now

Details

  • Job Reference: 674026603-2
  • Date Posted: 1 August 2022
  • Recruiter: CBRE
  • Location: Louisville, Kentucky
  • Salary: On Application
  • Sector: I.T. & Communications
  • Job Type: Permanent