Engineer, Application Cybersecurity

Description:

This position will help implement and validate the security controls on Herbalife applications worldwide and will support the Application Security Practice and DevSecOps.

The Applications Security Engineer will contribute to the implementation, evaluation and definition of new security standards and process with Herbalife’s application properties.

This position will also assist in documenting and tracking application security policies, processes, procedures, standards and controls. This position will apply secure applications development best practices and will provide support security analysis and enforcement of defenses and countermeasures at each phase of the software development lifecycle, to result in high quality, robust and reliable software.

Skills:

• Excellent oral and written communication skills in English.
• Ability to build and maintain effective working relationships at all levels of the organization.
• Strong business ethics surrounding access to confidential information.
• Provide concise and regular updates to management.
• Professional attitude towards teammates and colleagues.
• Ability to interact effectively at all levels with sensitivity to cultural diversity.
• Ability to function as an effective team member.
• Ability to adapt as the external environment and organization evolves.
• A solid foundation in computer science, with strong competencies in data structures, design patterns, object-oriented programming, algorithms, and software design.
• Excellent analytical skills with the ability to resolve technical issues as both an independent thinker and team member with a focus of action with results.
• Ability and willingness to learn quickly new skills.
• Flexibility to work in an agile and fluid environment.
• Ability to interact effectively at all levels with sensitivity to cultural diversity.

Experience:

• Proven work experience as a software security engineer
• Knowledge of Secure Software Development Lifecycle best practices and expertise on implementation of application security controls.
• Advanced knowledge of programming language and development tools.
• Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures, API integration) and of network/web related protocols.
• Adequate knowledge of OS, Networks, Cryptography, Databases, Web Technologies.
• Knowledge of Application security tools such as Knowledge of Metasploit, Nessus and Qualys, ASV scanners or other application security scanner.
• General knowledge of development technologies and stacks: build pipelines, frameworks, QA process, etc.
• General Knowledge of Application development methodologies and Architecture.
• Experience with Application security protection and testing tools such as DAST, IAST, SAST, MAST, RASP, WAF
• General knowledge of build pipelines and CI/CD.

Education:

• Bachelor’s degree in Computer Science or related field.
• 3 - 4 year’s total demonstrated experience in the Information Technology industry specially DEVSECOPS, DEVOPS with security experience or APPSEC.