Cybersecurity Application Security Engineer

IT Administration

Requisition #: 2400241

Trinity Industries is searching for a talented team player to fill the open position of Cybersecurity Application Security Engineer in our Dallas, Texas headquarters.

The Application Security Engineer works within the Information Risk Management team and is a subject matter expert for the development, selection, and implementation of tools to support static, dynamic, and interactive application security testing, code genealogy reviews, and the evaluation of container, Infrastructure as Code, orchestration/automation, and application integrations, ensuring that implementations adhere to documented cybersecurity policies, standards, requirements, and processes.

The Cybersecurity Application Development Engineer will act as a trusted advisor to internal and external stakeholders to promote secure software development practices. The successful candidate will work with IT and business partners to provide cybersecurity guidance, best practices, implementation requirements, and analysis of applications, source code, and service delivery to identify risk and recommend mitigations relating to the software development lifecycle.

This individual will deliver recommendations for policy, processes, and standards relating to the secure delivery of applications and services. This role requires deep technical knowledge in establishing a secure software development lifecycle (SSDLC), including application architecture, programming languages, CI/CD pipelines, and industry best practices related to secure software development.

The successful candidate will collaborate with development teams to assist with the delivery of secure solutions to support business strategies while protecting Trinity Industries, Inc.’s intellectual property, networks, partnerships, customers, and services.

What you'll do:

  • Provide guidance and support to IT and business partners in implementing secure coding practices and integrating security into the development lifecycle.
  • Collaborate with development teams to perform static, dynamic, and interactive application testing and secure source code, genealogy, and Software Bill of Materials reviews of proprietary applications including but not limited to web, mobile, and web service applications to identify vulnerabilities. Code reviews and software composition analysis may involve manual testing and analysis as well as use of automated application vulnerability scanning/testing tools.
  • Lead the development, evaluation, and implementation of vulnerability management tools and processes to support static, dynamic, and interactive application security testing as well as code genealogy, secure container, and Infrastructure as Code analysis.
  • Provide strategic direction for application security and vulnerability management programs across the enterprise.
  • Provide recommendations on Information Security policies, standards, and processes, and define governance procedures for secure application development.
  • Develop, enhance, and provide input into the development of KPIs, KRIs, and other metrics related to software vulnerability management.
  • Research and keep up to date with the latest security trends, vulnerabilities, and industry best practices, and ensure their integration into company software development processes.

What you'll need:

  • 3+ years of professional experience focused on Application Security.
  • 5+ years of professional experience in Application Development roles.
  • Experience with security concepts and tooling such as: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), and Web Application Penetration Testing.
  • Hands-on experience in secure application source code review, software composition analysis, and open-source library and artifact vulnerability management.
  • History of securing complex applications, preferably in a manufacturing setting.
  • Experience with multiple object-oriented programming languages, application architectures, and front-end frameworks.
  • Willingness to participate in Agile/Scrum development process.
  • Strong communication and technical skills with the ability to communicate between business and technical stakeholders.

Preferred Qualifications:

  • Experience with securing public cloud platform services such as AWS, Azure, Google.
  • Experience with secure CI/CD pipeline design and architecture, automation, and secure code gating.
  • CISSP, CCSP, CSSLP, or other relevant certifications.
  • Experience supporting global organizations in the manufacturing industry.
  • Ability to adapt to a dynamic environment.
  • Fluent in English and Spanish.

EOE

Trinity Industries, Inc., and its subsidiary or affiliated companies (hereinafter “Trinity”) are committed to equal employment opportunity. It is our policy to consider candidates for employment without regard to race, color, sex, sexual orientation, gender identity, religion, age, national origin, disability, or veteran status.

View the following posters by clicking the links below:

Pay Transparency Nondiscrimination Provision

Know Your Rights: Workplace Discrimination is Illegal

Trinity participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.

View the following poster by clicking the link below:

E-Verify Participation

Trinity is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to trinityrecruiting@trin.net. This email address should only be used for accommodations and not general inquiries or resume submittals.
