Senior Application/Information Security Engineer (DAST, SAST, API, IAST, OWASP, CWE/SANS, NIST, C#, Static, Dynamic)
Who Are We:
Samaritan's Purse (SP) is a non-denominational evangelical Christian organization providing spiritual and physical aid to hurting people around the world. For over 40 years, Samaritan's Purse has helped meet needs of people who are victims of war, poverty, natural disasters, disease, and famine with the purpose of sharing God's love through His Son, Jesus Christ.
We have an incredible new opportunity for an experienced Application Security Analyst to join our internal Cyber Security and Application Development teams here at Samaritan's Purse! This is a lead Security role that requires a driven, knowledgeable Security Engineer or Analyst who wants to join a growing and fast-paced Christian IT team. The sphere of influence in this role is great, requiring numerous mission-critical decisions that will impact a large portion of our Global Cyber Security Applications and Infrastructure. Due to this influence, the ideal candidate would be a very forward-leaning Security Analyst with a leadership mentality, who has a background in Application Security or Cyber Security Engineering and a passion to learn the newest security and automation technologies while applying industry-standard practices. If you are searching for more than just a job, but a career with a lasting impact, come see how we accomplish that!
- At least 4 years of working experience in the technical areas of Cyber Security Analysis/Engineering or Security Application Analysis.
- Experience completing Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) using tools such as Qualys, WhiteHat, WebInspect, Veracode, Checkmarx, or similar DAST tools is a plus.
- Experience with Penetration (Pen) Testing, and Interactive Application Security Testing (IAST).
- Requires experience securing the front and back-end code of various Web and/or Mobile Applications.
- Helps manage the entire Application Security testing and cyber security automation/integration responsibilities at Samaritan’s Purse.
- Leads the application security and testing programs in order to develop, automate, and integrate static and dynamic code analysis as well as other application testing tools into the secure application development life-cycle.
- Develops training, recommends courses, and helps educate application developers on secure coding best practices, and can assist application developers in optimizing code for stronger security.
- Responsible for preventing OWASP Top 10 and CWE/SANS Top 25 vulnerabilities.
- Secure Software Development and Secure Coding best practices.
- Experience with either Java, .NET (C#), or Python development languages and code strongly preferred.
- Conducts application security assessments and penetration testing on web and mobile applications.
- Works with Application Developers to ensure code security and remediate vulnerabilities prior to deployment into production.
- Works to build industry-standard automated Cyber Security processes around the existing CI/CD pipeline.
- Works with the cyber security team to integrate and automate cyber security processes, software, and tools to take advantage of correlation between multiple data sets, logs, and inventories.
- Helps to ensure ministry compliance with CIS Critical Controls, NIST Cyber Security Framework, PCI-DSS, HIPAA, third party pen test/risk assessments, and other yearly audit requirements.
- Trains application development team on the topic of incident response.
- Manages new and various application security projects and initiatives as they arise.
- Responsible for pulling key security API data from existing Web Applications.
- Works to integrate various automated tools for a more streamlined security workflow.
- Oversees additional Application Testing and analysis, in addition to automated Application Vulnerability Scanning/Testing tools.
- Responsible for writing formal security assessment reports for each existing application being built, and retesting security vulnerabilities that have been fixed when needed.
- Meets with product owners, development teams, and affiliated parties to review your assessment results and consult on remediation options.
- Helps application developers maintain continual data, device, and account inventories, secure configurations, and application vulnerability scanning/remediation processes; recommending needed security patches and controls for IT systems.
- Acts as a liaison between the application developers and cyber security teams, to assist the cyber security team in understanding the security of application development and to help summarize and explain penetration testing and audit results to application developers.
- Stays up to date on the latest cyber security events and researches emerging products and services.
- Available to provide on-call support as needed by management to fulfill the department Service Level Agreement and Internal Operating Procedures.
Helpful Certifications: GWEB, GSSP-NET, GWAPT, GCIH, GCIA, GPEN, CISSP, CEH
- Faithfully upholds the ministry in prayer.
- Maintains a personal, active relationship with Jesus Christ and is a consistent witness for Jesus Christ.
- Consistently participates in daily staff devotions.
- Demonstrates behavior aligned with Samaritan’s Purse Mission Statement, Statement of Faith, Hallmarks, policies, and expectations.
- Effectively represents Jesus Christ to those within both personal and professional spheres of influence.
- Maintains a strong Christian witness to colleagues, vendors, charitable beneficiaries, and the general public.
- Competitive Medical, Prescription, Dental & Vision insurance
- Flexible Spending Account (FSA)
- Long term and short term disability insurance
- Term Life insurance
- 401(k) retirement savings plan
- Ten (10) paid holidays
- Ten (10) or more days of vacation depending on years of service
- Ten (10) sick/personal days
- Staff discounts at retail stores and service providers in the Boone area and nationwide
Samaritan’s Purse Distinct Objectives:
PROCLAIM THE GOSPEL - EXALT Christ and share the Gospel while working in His Name around the world
SERVE WITH EXCELLENCE - EXCEED the world’s standard while serving the purposes of God’s kingdom
RESPOND WITH COMPASSIONATE ACTION - EXPEDITE our response to needs as the Lord reveals opportunities to minister
DEMONSTRATE BIBLICAL INTEGRITY - EXHIBIT character and integrity personally, at home and work
WALK IN BOLD FAITH - EXPECT God to do the impossible
Samaritan's Purse Mission Statement:
Samaritan's Purse is a nondenominational evangelical Christian organization providing spiritual and physical aid to hurting people around the world. Since 1970, Samaritan's Purse has helped meet needs of people who are victims of war, poverty, natural disasters, disease, and famine with the purpose of sharing God's love through His Son, Jesus Christ. The organization serves the Church worldwide to promote the Gospel of the Lord Jesus Christ.
Samaritan's Purse Statement of Faith:
* We believe the Bible to be the inspired, the only infallible, authoritative Word of God. (1 Thessalonians 2:13; 2 Timothy 3:15-17)
* We believe that there is one God, eternally existent in three persons: Father, Son, and Holy Spirit. (Matthew 28:19; John 10:30; Ephesians 4:4-6)
* We believe in the deity of the Lord Jesus Christ, in His virgin birth, in His sinless life, in His miracles, in His vicarious and atoning death through His shed blood on the cross, in His bodily resurrection, in His ascension to the right hand of the Father, and in His personal return in power and glory. (Matthew 1:23; John 1:1-4 and 1:29; Acts 1:11 and 2:22-24; Romans 8:34; 1 Corinthians 15:3-4; 2 Corinthians 5:21; Philippians 2:5-11; Hebrews 1:1-4 and 4:15)
* We believe that all men everywhere are lost and face the judgment of God, that Jesus Christ is the only way of salvation, and that for the salvation of lost and sinful man, repentance of sin and faith in Jesus Christ results in regeneration by the Holy Spirit. (Luke 24:46-47; John 14:6; Acts 4:12; Romans 3:23; 2 Corinthians 5:10-11; Ephesians 1:7 and 2:8-9; Titus 3:4-7)
* We believe in the present ministry of the Holy Spirit, whose indwelling enables the Christian to live a godly life. (John 3:5-8; Acts 1:8 and 4:31; Romans 8:9; 1 Corinthians 2:14; Galatians 5:16-18; Ephesians 6:12; Colossians 2:6-10)
* We believe in the resurrection of both the saved and the lost; the saved unto the resurrection of eternal life and the lost unto the resurrection of damnation and eternal punishment. (1 Corinthians 15:51-57; Revelation 20:11-15)
* We believe in the spiritual unity of believers in the Lord Jesus Christ and that all true believers are members of His body, the church. (1 Corinthians 12:12, 27; Ephesians 1:22-23)
* We believe that the ministry of evangelism and discipleship is a responsibility of all followers of Jesus Christ. (Matthew 28:18-20; Acts 1:8; Romans 10:9-15; 1 Peter 3:15)
* We believe God’s plan for human sexuality is to be expressed only within the context of marriage, that God created man and woman as unique biological persons made to complete each other. God instituted monogamous marriage between male and female as the foundation of the family and the basic structure of human society. For this reason, we believe that marriage is exclusively the union of one genetic male and one genetic female. (Genesis 2:24; Matthew 19:5-6; Mark 10:6-9; Romans 1:26-27; 1 Corinthians 6:9)
* We believe that we must dedicate ourselves to prayer, to the service of our Lord, to His authority over our lives, and to the ministry of evangelism. (Matthew 9:35-38; 22:37-39, and 28:18-20; Acts 1:8; Romans 10:9-15 and 12:20-21; Galatians 6:10; Colossians 2:6-10; 1 Peter 3:15)
* We believe that human life is sacred from conception to its natural end; and that we must have concern for the physical and spiritual needs of our fellowmen. (Psalm 139:13; Isaiah 49:1; Jeremiah 1:5; Matthew 22:37-39; Romans 12:20-21; Galatians 6:10)
Job Reference #: 10014