Cloud Application Security Engineer (Remote - Usa)

Responsibilities

Hexagon’s Asset Lifecycle Intelligence division is seeking a Cloud Application Security Engineer who can provide hands-on technical application security expertise and ownership of the growing cloud application suite, across multiple providers, using public cloud platforms. You will work closely with our software development groups, global InfoSec/OpsSec team, and our Cloud Operations team, to help build secure and robust applications, responsible for serving all Cloud customers. The Cloud Application Security Engineer provides cloud application security expertise in the analysis, assessment, development, and evaluation of application solutions and architectures to secure application multi-tenant deployments. Additionally, the Cloud Application Security Engineer assists in the development of requirements including secure software design, secure application deployment, secure identity management, as well as providing monitoring and oversight for alerts and vulnerabilities in this environment.

• Participate in projects that apply the company’s security policies and standards for use in application security in cloud environments.
• Secure application design and implementation on Azure and AWS public cloud platforms.
• Develops standards, policies, and procedures as well as best practices documentation.
• Knowledge of identity management and familiarity with such technologies as Ping Federate and Okta.
• Comfortable serving in a consultant capacity to less-knowledgeable stakeholders. Serve as a key subject matter expect in support of securing custom applications both from development and traditional network security perspectives.
• Propose and/or design technical solutions including complex application security design concepts for a multi-tenant platform.
• Mentor and influence multi-disciplinary teams in implementing secure application design and vulnerability remediation.
• Undergoes ongoing training to update appropriate Public Cloud security skills and knowledge.
• Communicate security concepts to different audiences ranging from business leaders to engineers.
• Serves as the subject matter expert (SME) on Cloud application security, including secure software development processes, vulnerability management, and application security event management and triage.
• Translates technical requirements into business requirements.

Qualifications

• Azure/AWS certifications preferred but not essential.
• Experience with application frameworks, vulnerability management in software development, and associated proactive tools used in the SDLC.
• Experience of vulnerability management and SIEM tools.
• Experience with application pipelines and integrating security in the CI/CD process.
• Previous experience with Azure Public Cloud. “Big 5” Security Consulting a strong plus.
• Knowledgeable in software development patterns and building applications for a zero-trust operating model.
• Solid understanding of TCP/IP stack and OSI model.
• Strong Application Security experience.
• Previous experience as a software developer and/or demonstrated experience with SDLC implementations.
• Strong understanding of penetration testing and vulnerability assessments .
• Experience of automation & remediation of security items using code.
• Security certifications a strong plus.
• US Citizenship is required for this position.
• Previous experience with identity management solutions preferred but not essential.

Hexagon is an Affirmative Action/Equal Opportunity Employer, including disability/veterans. Diversity Statement

At Hexagon, we believe that diverse and inclusive teams are critical to the success of our people and our business. Everyone is welcome—as an inclusive workplace, we do not discriminate. In fact, we embrace differences and are fully committed to creating equal opportunities, an inclusive environment, and fairness for all.