AppSec Engineer | Vulnerability Testing (6 month Contract to Hire/Remote)

Who is Trace3?

Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.

Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!

Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco.

Ready to discover the possibilities that live in technology?

Come Join Us!

Street-Smart- Thriving in Dynamic Times

We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the “big picture.” We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.

Juice - The “Stuff” it takes to be a Needle Mover

We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.

Teamwork - Humble, Hungry and Smart

We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it’s due and demonstrate transparency. We “bring the weather” by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures – not just their success. We appreciate the individuality of the people around us.

About the Role:

The Application Security Engineer is primarily responsible for detecting and reducing vulnerabilities and risk in our purchased and developed applications. The Engineer understands modern application vulnerabilities and the evolution of threat vectors in the landscape. Armed with the knowledge of possible threats, the Engineer uses and enforces the security controls that deliver on accepted security best practices, risk mitigation, regulatory compliance, and documented policy. The Engineer partners with all areas of business and information technology, internal and external, to enforce security requirements into the design and purchasing processes. They will discover, classify and report vulnerabilities, determine risk analysis and track metrics on security delivery. The Engineer serves as a security practitioner in application development, deployment and operations, database, network, and/or platform (operating system) efforts related to applications.

What You’ll Do:

• Conduct system and application vulnerability assessments using modern security tools including static and dynamic application testing tools.
• Research and confirm vulnerabilities across systems and applications. Recommend and monitor mitigation and resolution of vulnerabilities.
• Provide subject matter expertise for vulnerability management, application security, database and cloud security.
• Assist in implementation of security policies, processes, tools and methodologies that support security standards and ensure effective security within the organization
• Influence and build collaborative working relationships with internal and external partners.
• Ensure solutions being developed across organization are aligned to enterprise security standards and principles.
• Participate in forensic investigations and eDiscovery of suspected information security issues or in compliance reviews as requested by auditors, HR, or Legal
• Develops reports and metrics and presents to management concerning residual risk, vulnerabilities and other security exposures
• Works with audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes
• Researches, designs and recommends the implementation of new or updated information security technologies
• Participates in other organizational duties as required

Qualifications & Interests:

• Bachelor’s degree in Computer Science, Information Technology or related field preferred.
• Advanced experience in vulnerability and threat detection, mitigation and remediation.
• Experience doing Code Review, Python experience strongly desired.
• Advanced experience in application and API development, design and architecture.
• Application security experience with Mobile, Cloud, Windows, UNIX and Web applications.
• Database management systems experience including Oracle and Microsoft SQL.
• Working knowledge of industry standards and frameworks (NIST, SANS, ISO, CIS)
• Project management experience in a cross-functional environment is required
• Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs
• Security industry certifications relevant to the area of responsibility (i.e., CISSP, CISA, CISM, SANS)
• Experience with enterprise level security assessments including performing security and vendor risk assessments for SaaS, PaaS, and IaaS
• Experience with server security, including web servers, app servers, PKI, OWASP top 10,
• Knowledge of data protection mechanisms including an understanding of cryptographic algorithms.
• Strong teamwork leadership, able to communicate professionally and technically working toward common security goals
• Analytical and problem-solving skills
• Must be detail-oriented with a focus on accuracy
• Excellent written and verbal communication skills, including excellent presentation skills

The Perks:

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Stocked kitchen with snacks and beverages
• Collaborative and cool culture
• Work-life balance and generous paid time off

***To all recruitment agencies: Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.