Application Security Engineer

Description

Tyler Technologies is looking for an Application Security Engineer to join our expanding team, emphasizing the importance of adhering to security best practices at every stage of the software development lifecycle (SDLC).

The Application Security Engineer position entails conducting manual application security assessments on Tyler products and systems, managing vulnerabilities, and collaborating with development teams to triage and remediate them. This role will involve integrating essential security practices into the software development lifecycle. It includes partnering with various security peer teams, IT, Development, and Engineering to incorporate or enhance security measures.

The Application Security Engineer will support product engineering and software development in securing the company's product portfolio. Application Security Engineers significantly influence our company's security posture, ensuring that Tyler products effectively safeguard client data and systems from threat actors. To excel in this role, candidates should have experience in complex, fast-paced technical environments, along with a passion for technology and a commitment to process-driven, collaborative problem-solving.

Responsibilities

• Execute project plans and maintain the scope, schedule, and each party’s responsibilities.
• Test Tyler products for OWASP Top Ten vulnerabilities using automated and manual testing.
• Code reviews for application security vulnerability fixes.
• Provide expert knowledge and guidance to the application development teams about security vulnerabilities and applicable remediation paths.
• Perform internal application security presentations to spread awareness and strengthen secure application development.
• Assist business units with reviewing automated and manual testing as a part of their software development life-cycle.
• Work with teammates to learn, regularly share skills, and foster team excellence.
• Participate in security team meetings that facilitate secure design.
• Investigate enterprise security incidents (IR) and provide analysis to senior leadership.
• Facilitate and support projects to increase Tyler’s overall security posture.
  

Qualifications

• Bachelor’s degree in Cybersecurity, Systems Engineering, Computer Science, Information Systems Management, or similar.
• 5+ years with shown ability working in IT security.
• 3+ years with confirmed ability in Application Security, Cybersecurity, or web application frameworks.
• At least one year in software engineering preferred.
• Knowledge of programming languages such as Java, C#, Javascript, Python, etc preferred.
• Desire to expand knowledge in many development languages, applications, and tools.
• Experience with OWASP top 10, SANS top 25, CVE, CVSS, CWE etc…
• Sophisticated understanding of attack vectors for both on-prem and cloud. environments.
• Self-motivated and capable of leading and completing assignments without supervision.
• Ability to respond to changing priorities and operate effectively in a dynamic environment.
• Ability to weigh business needs against security concerns.
• Strong interpersonal, verbal, and written communication skills.
• Strong organizational skills and ability to handle a wide range of tasks and re-prioritize them on short notice.
• Ability to work independently and collaboratively within a team or remote work setting.
• Must be passionate about security and continuing education.
• Required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.

The ideal candidate will have:

• Advanced knowledge of web application security vulnerabilities
• Experience developing applications that utilize web application frameworks
• Experience with manual testing of OWASP Top Ten Vulnerabilities
• Have acquired at least one security certification for application security (for example: OSWA, OSWE, CBBH, CWEE, eWPTX, BSCP)
• Advanced knowledge with security testing tools and frameworks (BurpSuite/OWASP ZAPP Kali Linux/Parrot Security OS, SAST/DAST scanners, Sqlmap, SOAPUI/OPENAPI)
• Developed exploits for web application vulnerabilities
• Exposure to public-sector software products
• Exposure to Amazon Web Services (AWS)