We’re on a mission to cultivate a connected world through shared experiences and are looking for like-minded people to join us in delivering necessary, innovative and convenient technologies and services to the outdoor recreation industry at large. As a member of the Aspira team, you’ll be joining us in supporting convenient access to North America’s most treasured public and private lands, as well as the memorable moments they create.
Aspira™ provides connected experiences for the outdoor recreation industry. Our comprehensive suite of reservation and licensing technology and service solutions supports federal, state, provincial, and local government park, campground, and conservation agencies, conveniently connecting them with outdoor adventure seekers from around the world. Aspira is headquartered in Dallas, TX with eight offices worldwide. For more information, please visit AspiraConnect.com.
We are seeking a Senior Application Security Engineer for our Information Security Team. This person will join a team that works to ensure security of all foundational components that comprise Aspira’s public-facing SaaS products along with internal tools and architecture.
This individual will be responsible for working within application development and support teams throughout the enterprise to facilitate the adoption and implementation of application security technologies and processes. This role will collaborate with numerous application teams to embed cybersecurity throughout the respective software development pipeline methodology and work with those teams during code testing, security assessments, and associated remediation activities.
- Provide application security collaboration and advisory services to leaders throughout the Enterprise and business segment application teams on securely architecting application and web solutions.
- Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing and operationalize security tools for integration with CI/CD.
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews, and provide training to developers.
- Consult with application development teams to embed security integrations into their existing pipeline, leveraging automation where possible.
- Provide subject matter expertise in the identification of immediate & permanent corrective actions associated with securing applications with known vulnerabilities.
- Continue to drive DevSecOps principles into application development team processes to deliver on secure-by-design principles.
- Provide consulting services to define, design, develop, implement, and maintain the overall security posture of applications and supporting infrastructure.
- Bachelor’s Degree in Computer Science or a related field with specialization in information security.
- 7-8+ years’ experience in application development.
- 7+ years of experience in the field of application security.
- Expert knowledge in security best practices, principles, and common security frameworks such as OWASP.
- Experience in software development including Java, Python, .Net, and scripting languages.
- Knowledge of secure architecture and design patterns for Web, Mobile and Microservices.
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities.
- Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis, and penetration testing.
- Desired: Experience securing AWS cloud resources.
- Desired: CISSP, CISM or other related Information Security certifications.
Aspira’s Perks & Benefits:
- Competitive salary
- Health, Vision, Dental, 401K
- 3 weeks of PTO
- Two additional paid days per year to “Get Lost” in an experience and to “Give Back” to the community
Aspira™ is an equal opportunity/affirmative action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.