Job Description Job Purpose An ICE Application Security Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. This team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management. Responsibilities Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing. Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS. Secure Design – Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases. Tool Management – Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs. Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities. Knowledge and Experience University degree in Computer Science, Engineering, MIS, CIS, or related discipline Software engineering experience in Java, C++, .NET and/or related languages Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments Experience designing solutions to integrate transparently with the CI/CD pipeline Familiarity with application development in large cloud environments