Application Security Engineer (Java) - Remote (Only Mexico)

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Key Responsibilities:

1. Collaborate closely with clients and the application community to maintain a resilient security posture for high-visibility applications.
2. Remediate application security defects collaboratively with the application security team, emphasizing a security-first mindset.
3. Lead security discussions with application teams to prescribe and implement best security practices throughout the development lifecycle.
4. Conduct dynamic and static application performance testing, create security requirements, and generate threat models using tools such as SD Elements.
5. Utilize the latest OWASP frameworks to enhance application security.
6. Stay updated on web application security standards, including OWASP Top 10, CVSS, CWE, WASC, and SANS-25.

Basic Requirements:

1. 3+ years of experience with Java, including expertise in Apache and Spring.
2. 3+ years of experience in designing and implementing enterprise security controls to secure applications, systems, networks, or infrastructure services.
3. 3+ years of experience supporting Static Application Security Testing, Dynamic Application Security Testing, and IDE Plugin environments.
4. Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio.
5. Expertise in enterprise web application security and understanding of OWASP Top 10.
6. Familiarity with web protocols and command-line tools.
7. Proven experience in penetration testing.
8. Knowledge of Linux or UNIX environments, including basic website connectivity navigation and troubleshooting.

Additional Requirements: Experience with capabilities and tools of Interactive Application Security Testing.

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

• What information we collect during our application and recruitment process and why we collect it;
• How we handle that information; and
• How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.