Application Security Engineer (with Software Development Experience) in MEXICO

Company Description:

Openwave Computing LLC is a global information technology consulting company that provides comprehensive web and mobile app development services, catering to clients from diverse verticals. With over two decades of industry experience, we have gained vast expertise and earned the trust of our clients. As a customer-centric company, we are committed to quality, innovation, and security. At Openwave, we celebrate ideas and welcome breakthroughs from anyone. We are looking for someone who is passionate about their craft, committed to excellence, and wants to be part of a dynamic team. We work on projects with leading US clients, offering exciting opportunities to contribute to cutting-edge developments.

Job Overview:

We are looking for an experienced Vulnerability Management Specialist with expertise in AWS cloud security and application security. The ideal candidate will play a critical role in ensuring our applications and AWS infrastructure are secure by identifying, assessing, and addressing vulnerabilities. You will work closely with our DevOps, application development, and security teams to implement best practices and remediation strategies.

Key Responsibilities:

• Assure alignment with CIS benchmarks controls are applied and configurations are maintained throughout the enterprise as part of the continuous monitoring
• Lead and assist in security risk assessments for systems and applications, address questions from internal and external audits and examinations.
• Develop policies, procedures and standards that meet existing and newly developed policies and regulatory requirements including SOX, PCI, COPPA, FERPA, GDPR, CCPA.
• Serve as project lead within IT security projects.
• Assesses information risk and facilitates remediation of identified vulnerabilities
• Performs vulnerability assessments as assigned utilizing IT security tools and methodologies.
• Performs assessments of the IT security/risk posture within the IT network, systems and software applications.
• Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
• Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments.
• Design security solutions to address security vulnerabilities and weaknesses
• Continuously update the monitoring environment and tools in order to provide the correct level of insight into the environment
• Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
• Investigate security breaches and lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
• Will be responsible to define consistent Secure Software Development Lifecycle practices for technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigate.
• Very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities and best practices design and threat modeling skills who can work in a dynamic environment.
• Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations.
• Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team.

Required Skills and Qualifications:

• Candidates with the following certifications are preferred: ISC2, SANS, ISACA, or other recognized security professional credentialing organization.
• 5+ years of experience in security roles with increasing responsibility
• 3+ years of experience in a Security Operations Center, or Continuous Monitoring role
• 2-3 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
• 5+ years or experience in an enterprise technology environment, ideally with experience across a variety of roles– operations, networking, systems and infrastructure architecture, or other as applicable
• Hands on experience with Software Development Java / C# / C++, (JavaScript and HTML preferred)
• Experience with a variety of Continuous Monitoring, and vulnerability scanning tools

Benefits:

• Competitive USD salary commensurate with experience.
• 100% Remote.
• We are a US-based company, so no additional benefits are offered.
• Up to $30 USD per hour all inclusive