Application Security Engineer
Who We Are Looking For: The Application Security Engineer works as a member of the Global Information Security Office team, building, executing, and improving application security initiatives throughout AGCO. The Engineer ensures that our applications (Web Applications, APIs, Mobile Applications) are designed and implemented to the most secure standards thus maintaining and enhancing customer trust. The Engineer works closely with Development, Product, Business, Global IT, and Operations teams to secure our applications and environment.
What You Will Do:
Architect, design, implement, support, and evaluate application security solutions and services including code and application analysis tools, open source security tools (Operational, Security, and Open Source License Compliance), testing and vulnerability management tools Perform vulnerability detection, assessment, and mitigation, using automated tools and manual assessments in both black-box and white-box scenarios; identify security issues and risks while developing mitigation plans Create and maintain AGCO’s secure development policies and standards Champion and assist teams implementing the company’s standards to make our applications safe while evangelizing security within the company and building customer trust Assist in the creation and maintenance of an asset inventory which will cover all web applications, application programming interfaces (APIs) and mobile applications; assist in the criticality ranking of these assets to prioritize and implement initial and recurring asset security assessments Track and research the latest attacks and how they might apply to our environments Deep knowledge of common web application vulnerabilities (e.g. Injection Attacks, XSS, CSRF, etc.) and their mitigation strategies Complete understanding of the OWASP Top 10 Application Security Vulnerability List
What You Will Bring: Bachelor’s degree in technical engineering or equivalent (or 4 additional years of relevant experience in lieu of degree) CISSP and/or CSSLP certification, CeH, or other relevant security certifications 5 years of relevant application security experience Static Analysis Security Testing (SAST – MicroFocus Fortify or equivalent) Dynamic Application Security Testing (DAST – Microfocus WebInspect or equivalent) Mobile application security (iOS, Android, others) API Security and concepts (REST API, Oauth, JWTs, etc.) Open Source Software composition analysis and security experience (Synopsys, SonaType, Veracode, OWASP Dependency Track, etc.) Strong knowledge of secure development practices, security code review, secure coding practices, threat modeling and security methodologies Experience with BlackBox and WhiteBox security testing, vulnerability scanning, and penetration testing with experience providing remediation techniques Experience in Threat Modeling and Architectural Risk Analysis Understanding of Cloud Computing concepts and Cloud Security Understanding of applicable compliance regulations (SOX, GDPR, etc.) Knowledge of network and web related protocols (e.g., TCP/IP, UDP, HTTP, HTTPS, SSL/TLS) Knowledge of security across multiple disciplines (data, database, operating system)
What We Offer: GLOBAL DIVERSITY – Diversity means many things to us, different brands, cultures, nationalities, genders, generations – even variety in our roles. You make us unique! ENTERPRISING SPIRIT- Every role adds value. We’re committed to helping you develop and grow to realize your potential. POSITIVE IMPACT – Make it personal and help us feed the world. INNOVATIVE TECHNOLOGIES - You can combine your love for technology with manufacturing excellence – and work alongside teams of people around the world who share your enthusiasm. MAKE THE MOST OF YOU – Benefits include: health care and wellness plans, flexible and virtual work options (where available), 401(k) Savings Plan with company match, paid holidays and paid time off, flexible spending accounts, reimbursement for continuing education, company philanthropic programs, company perks programs, and much more…
Please note that this job posting is not designed to cover or contain a comprehensive listing of all required activities, duties, responsibilities or benefits and may change at any time with or without notice. AGCO is proud to be an Equal Opportunity Employer. We maintain a drug-free workplace and perform pre-employment substance abuse testing. AGCO/RSRHiring InsightsJob activityPosted today
Application Security Engineer