Application Security Engineer (Hybrid - US)
Interested in joining a growing company where you will work with talented colleagues, enhance a supportive and energetic culture, and be part of the climate solution? At Energy Solutions, we focus on the big impacts. And we believe that market-based programs can be a powerful force to deliver large-scale energy, carbon, and water-use savings. Since 1995, we’ve harnessed that power to offer proven, performance-based solutions for our utility, government, and institutional customers.
Description:
The Application Security Engineer will be hands-on, performing day-to-day application security and compliance activities. In performing this task, the Application Security Engineer will be expected to collaborate and build partnerships with multiple business units within our company. Professionalism and high ethical standards are expected.
Responsibilities:
- Manage security-related tasks in the SDLC to ensure that software development activities remain in compliance.
- Interpret, justify, explain, review, etc., compliance-related changes and requirements for our code base leads
- Collaborate with software developers and code base leads
- Be the bridge between the technical requirements from the business (i.e., Security, Privacy, Compliance)
- Participate as a SME in security architecture including new designs and design review
- Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks
- Actively review architecture and compliance-related code changes
- Manage and maintain API Security including vulnerability scans and best practices
- Manage security components of the Mendix web development platform
- Manage security components in Django
- Manage scans and findings from Static Code Analysis tools such as GitHub Advanced Security
- Train and educate IS staff on security best practices including OWASP Top 10
- Ensure compliance with policies and standards such as secure separation of environments
- Manage and maintain all security-related tickets, including recommendations, testing and validation
Security Compliance (SOC 2 and NIST 800-53 control implementation and maintenance)
- Scan and Remediate vulnerabilities
- Monitor and maintain compliance with SOC 2, NIST 800-53 and other required frameworks
- Security representative for Configuration Change Control
- Verification of implemented security controls
- Standards, Processes and Tools for Security compliance
- Criticality Analysis and Impact Analysis of security-related changes
- SIEM - Ongoing security monitoring including Datadog, application logs, CloudWatch and other systems
AWS
- Manage and maintain security in AWS, including IAM policies, permissions, security groups and security monitoring
- Maintain Web Application Firewall and associated rules to protect applications and systems
- Manage and monitor Database Security (RDS, Postgres, Redshift), including reviewing logs, validating permissions and making security recommendations.
Minimum Qualifications:
- Minimum 3 years of hands-on application security experience, including secure SDLC integration, design review, best practices and vulnerability identification/remediation.
- Minimum 3 years hands-on experience securing web application frameworks and applications.
- Minimum 3 years of experience with security frameworks: NIST 800-53 / SOC 2
Preferred Qualifications:
- Excellent verbal and written communication skills.
- Strong organizational skills and attention to detail.
- Strong analytical and problem-solving skills.
- Ability to prioritize tasks according to severity
- Ability to adapt to the needs of the organization
- Experience with Django/Python preferred.
- Proficient in AWS Security services (i.e., CloudWatch, GuardDuty)
- Excellent interpersonal and negotiation skills.
- Excellent organizational skills and attention to detail.
- Excellent time management skills with a proven ability to meet deadlines.
Compensation is commensurate with experience, with a pay band of $94,200 - $119,800 annually and a target range of $94,200 - $107,820.
Compensation is commensurate with experience and includes a generous retirement package. Energy Solutions provides an excellent benefits package including medical, dental and vision insurance, other pre-tax contribution plans and an Employee Stock Ownership Plan (ESOP).
AI Use
At Energy Solutions we believe in the importance of authentic interactions and equitable opportunities. We base our candidate selection on one’s own skills, knowledge, and experience. To ensure the integrity and fairness of our interview process, the use of artificial intelligence (AI) tools (including Generative AI) or other means to generate or assist with responses during interviews is strictly prohibited. This practice supports our commitment to create a transparent and equitable space where skills, knowledge and experience can truly shine.
Equal Opportunity Employer
Energy Solutions is an affirmative action-equal opportunity employer and prohibits discrimination and harassment of any type. We afford equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristics protected by law. Energy Solutions conforms to the spirit as well as to the letter of all applicable laws and regulations.
Office Locations and a Remote Workforce
Energy Solutions operates as a predominantly remote workforce with offices in six different locations. Employees who reside within 40 miles of an office (except New York) will be assigned to that location, though in-office attendance requirements may vary by team. At this time, we are not accepting applications from candidates residing in the following states: Delaware, Kentucky, Mississippi, Montana, Nebraska, North Dakota, and Wyoming.
Background Check Information
Information will be requested to perform the compulsory background check. A drug screen and authorization to work in the U.S. indefinitely are preconditions of employment. Energy Solutions is an equal opportunity employer.
Reasonable Accommodations
Energy Solutions is committed to providing access and reasonable accommodation for individuals with disabilities. If you require accommodations in completing this application, interviewing, and/or completing any pre-employment testing, or otherwise participating in the employee selection process, please email accommodation@energy-solution.com.