Job description

Job Title: Principal App Sec Principal Engineer Location: 1525 W W T Harris Blvd., Charlotte, NC 28262 Hybrid Roles (3 Days Onsite/2 Days WFH) Job Descriptions: specific hands-on technical experience with the following tools (specifically selecting them, integrating them into a CI / CD pipeline and writing / configuring custom queries): • Checkmarx, Fortify, GHAS - CodeQL • BlackDuck, Prisma, CycloneDX, Jfrog Xray, GHAS Secrets, GHAS - Dependabot • Invicti Netsparker, WebInspect, AppScan, BurpSuite, ZAP We need very deep security software engineering skills. • Act as an advisor to leadership to develop or influence applications, network, information security, database, operating systems, or web technologies for highly complex business and technical needs across multiple groups. • Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking. • Translate advanced technology experience, an in-depth knowledge of the organizations tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions. • Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions. • Maintain knowledge of industry best practices and new technologies and recommends innovations that enhance operations or provide a competitive advantage to the organization. • Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership. Required Qualifications: • 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.. • 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education • 3+ years of Cloud experience (GCP, Azure, AWS) • Ability to Travel up to 10% of the time • 5 + years Development experience in more than one language • 3+ years of experience with secure DevOps and deployment automation to cloud environments • 3 + years CI/CD integration experience • 2+ years of ServiceNow Experience • Demonstrated experience in Penetration Testing • Demonstrated experience in determining root cause analysis for actionable SDLC security updates • Dynamic Analysis Security Testing (DAST) experience • Knowledge of Kubernetes Containerization Strategy • Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.) • Recent Java or C# & .NET CORE development experience including the development of RESTful APIs • Experience with SDLC and Agile methodologies • Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices.

Requirements