Application Security Engineer

Location:

1000 Red River

Austin, Texas, 78701

United States

Application Security Engineer

Requisition ID: req1124 Employment Type: Unclassified Regular Full-Time (URF) Division: Information Security Office Compensation: 102,891.00 - 128,613.00, Annual Salary Location: TRS Job Closing: Sept 30th at 5:00 pm, CST

WHO WE ARE:

Service, Respect, and Connection are core to the individual and collective TRS experience. We know that great service rests on a foundation of relationships that connect us all to an empowering and rewarding career. At TRS, we're inspired by our diverse community who bring authenticity and commitment to our mission to improve the retirement security of public education employees and retirees throughout Texas.

As a group of achievers, we tap collaboration and innovation to raise the bar in performance, administering and counseling pensions and healthcare benefits to ensure certainty for the future of our members. We invite you to join us, where both personal and career growth are respected and where you can make a difference in our members' lives every day.

The Application Security Engineer is responsible for performing complex information technology, and cyber security analysis and control work. The incumbent will ensure the security of TRS applications by implementing and managing application security measures; working closely with the other Information Security team members, the IT department, application development teams, and business technologists to identify and mitigate security risks, develop and implement security protocols, and provide training and support to development staff.

This is a Hybrid position and requires 2 days of onsite work a week conducted at our TRS office in Austin TX

WHAT WILL YOU DO

Cybersecurity

• Works with application development teams to develop and implement secure coding practices, including coding standards, code reviews, and security-focused testing.

• Develops and execute a process for regular application security assessments, including code reviews, threat modeling, and design reviews.

• Develops and maintain a library of secure coding resources for application developers.

• Develop and implement application security policies and procedures that align with industry standards and best practices.

• Provides regular reports to the Information Security Leadership on the status of application security assessments.

• Work with application development teams to prioritize and remediate identified vulnerabilities.

• Provide training and support to application developers on secure coding practices.

• Monitor and enforce compliance with application security policies, procedures, and tooling.

• Collaborate with the IT department, Information Security team, and application development teams to design and implement security controls and measures, including access controls, encryption, and network segmentation.

• Performs related work as assigned.

WHAT WILL YOU BRING

Required Education

• Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, or a closely related field.

• High school diploma or equivalent and additional full-time experience in cybersecurity, information security, systems analysis, programming, computer operations, IT business analysis or related experience may be substituted on an equivalent year-for-year basis.

Required Experience

• Four (4) years of full-time directly related, progressively responsible experience in cybersecurity, information security, systems analysis, programming, computer operations, IT business analysis or related experience.

• One (1) year of full-time directly related, progressively responsible experience developing and training employees on security/privacy policies, data handling practices and procedures, and legal obligations or related experience.

• One (1) year of full-time directly related, progressively responsible experience conducting IT audits and needs analysis to improve business process solutions. As well as developing and writing IT policies, procedures, and audit responses or related experience.

• Experience may be concurrent.

• A master's degree or doctoral degree in a closely related field may be substituted on an equivalent year-for-year basis.

Required Registration, Certification, or Licensure

• Certification as a Certified Information Systems Security Professional (CISSP), or other security related certifications.

Preferred Qualifications

• Experience with risk management frameworks as it pertains to the National Institute of Standards and Technology.

• Experience with various security monitoring tools, network and web assessment tools, and automation techniques.

• Basic development or scripting experience and skills. (.Net, Python, and Java are preferred.)

• Experience with identifying security issues through code review.

• GIAC 500 series or higher certifications, OSCP, or other security related certifications.

Knowledge, Skills, and Abilities

Knowledge of:

• Computer systems and technology limitations, capabilities, and security infrastructures.

• Information security systems, controls, methodologies, practices, and regulations, including data encryption and information protection.

• National and international laws, regulations, policies, along with ethics as they relate to cybersecurity/privacy.

• Organization's risk tolerance and/or risk management approach.

• Applicable state and federal laws, statutes, Presidential Directives, executive branch guidelines related to information security or cyber security.

• Common security flaws and ways to address them (e.g., OWASP Top 10, CIS Top 18).

• Current and emerging cyber technologies.

• Agile methodology.

• Common code repository and continuous delivery tools.

Skills in:

• Analyzing complex technical problems and developing workable solutions

• Managing multiple conflicting tasks/deadlines.

• Effective verbal and written communication of complex technical information.

Ability to:

• Effectively assess areas of risk associated with information security.

• Determine the validity of technology trend data.

• Develop policy, plans, and strategies in compliance with laws, regulations, policies, and standards in support of organizational information security assurance.

• Establish and maintain harmonious working relationships with co-workers, agency staff, and external contacts.

• Work effectively in a professional team environment.

Military Occupational Specialty (MOS) Codes:

Veterans, Reservists or Guardsmen with experience in the Military Occupational Specialty ( https://www.trs.texas.gov/files/trs-military-crosswalk.xlsx ) along with the minimum qualifications listed above may meet the minimum requirements and are highly encouraged to apply. Please contact Talent Acquisition at careers@trs.texas.gov with questions or for additional information.

To view all job vacancies, visit www.trs.texas.gov/careers or www.trs.csod.com/careersite.

For more information, visit www.trs.texas.gov.