Application Security Engineer - Information Security - Marriott

Here's To Your Journey with Marriott International, the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So we ask, where will your journey take you?

The Marriott International HQ, located at 9751 Washingtonian Blvd, Gaithersburg, MD 20878, is currently hiring an Application Security Engineer - Information Security.

Responsibilities include: Performs security application source code reviews, application vulnerability testing and application threat assessments. Leverages advanced tools, methods and approaches to demonstrate weaknesses in applications. Responsible for assuring developers and technical personnel address application security issues in a timely fashion. Will routinely collaborate with different security team members, including but not limited to architecture, infrastructure, network, compliance and incident response.

CANDIDATE PROFILE

Education and Experience

Required:
Bachelor's degree in Computer Science or related field, or equivalent experience/certification
3 years working as a frontend or backend software developer
Has written, tested and deployed at least one revenue-generating web application
Has worked as a developer on a team consisting of 5 or more software developers
Expert-level knowledge of at least one compiled programming language
Expert-level knowledge of at least one interpreted programming language
Ability to write a software specification
Knows how to perform an application stress test
Ability to conduct independent research
Strong understanding of HTML, HTTP, JSON and XML
Ability to fluently write, read, debug and test applications written in Java and JavaScript
Understanding of web service implementation paradigms (REST, SOAP)
Familiar with OWASP and the common flagship projects
Basic understanding of cryptography concepts: hashing, signing, symmetric/asymmetric encryption and decryption
Basic understanding of network security concepts: DOS, DNS spoofing, ARP poisoning, reverse shells, firewalls
Basic understanding of defensive programming and test-driven development
Knows how to perform common application exploits: XSS, SQL injection, UI redressing, directory browsing, log forging
Basic understanding of microservice application architecture, software cohesion and software coupling
Willing to write tools as necessary to perform day-to-day duties
Comfortable learning new programming languages as needed to conduct code reviews

Preferred:
Current information security and/or software development certification, including Certified Secure Lifecycle Professional (CSSLP), Professional Software Engineering Master (PSEM), Certified Software Development Professional (CSDP), GIAC Secure Software Programmer (GSSP)
Expert-level knowledge of static analysis tools and methods
Expert-level knowledge of dynamic analysis tools and methods
Advanced knowledge of software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OCP, LSP, ISP and DIP) and design methods (Scrum, XP, Lean, Waterfall)
Strong understanding of SAML, OAuth and OIDC
Strong understanding of common cryptographic algorithms and libraries
Experience with mobile application development on Android or iOS
2 years working as a full-stack software developer
1 year working in a software QA role
Comfortable with the following tools and technologies: Git, ZAP or BurpSuite, Postman, SoapUI, Jenkins, Artifactory, SonarQube, FindBugs, Docker, JIRA, Confluence

CORE WORK ACTIVITIES

Security Assessments
Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.
Uses static and dynamic analysis tools to support broad testing and vulnerability discovery.
Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
Works with other security team members to research and test for complex security issues.
Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application architectural or environment flaws.
Validates external security researcher/bug bounty submissions.
Works closely with service providers and external security support resources to schedule, track and manage outsourced security testing efforts.
Creates and/or maintains threat models to communicate risks to engineers, project managers and other technical personnel.
Ensures applications are built according to enterprise security standards.

Source Code Reviews
Works with development teams to review application source code for security and operational risks.
Performs manual code reviews of applications that are not compatible with automated SAST tools.
Provides detailed security documentation to developers, software engineers and technical personnel when necessary.
Provides guidance and recommendations to software architects and engineers on how to correct code-related security flaws.

Administrative
Participates in peer reviews of security assessments created by other team members.
Manages tickets and SLAs associated with security testing efforts.
Maintains the enterprise SSDLC standard.

MANAGEMENT COMPETENCIES

Leadership
Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.
Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.
Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as a role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.
Problem Solving and Decision Making - Identifies and understands issues, problems and opportunities; obtains and compares information from different sources to draw conclusions; develops and evaluates alternatives and solutions; solves problems and chooses a course of action.
Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.

Managing Execution
Strategy Execution - Ensures successful execution of business plans designed to maximize customer satisfaction, profitability and market share through effective planning, organizing and on-going evaluation processes.
Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses and monitors the efforts of self and/or others toward the accomplishment of goals; proactively takes action and goes beyond what is required.

Building Relationships
Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards.
Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.
Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g. HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines and corporate to ensure needed resources are received and corporate strategies are understood and executed.

Generating Talent and Organizational Capability
Developing Others - Supports the development of others' skills and capabilities so that they can fulfill current or future job role responsibilities more effectively.
Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.

Learning and Applying Professional Expertise
Continuous Learning - Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.
Technical Acumen - Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges.

To apply now, go to https://jobs.marriott.com/marriott/jobs/18003BI8?lang=en-us

Marriott International is consistently recognized as an employer of choice globally by FORTUNE magazine, DiversityInc and Great Places to Work Institute, among others. Visit www.marriott.com/careers to learn more about our workplace culture and career opportunities. Chat, engage and follow us on social media: Facebook, Twitter, LinkedIn, Instagram, and @lifeatmarriott on Snapchat.

So we ask, where will your journey take you?

Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.
