Senior Cybersecurity/Application Security Engineer (Local to Sacramento, CA)

Sacramento, CA (Remote, Occasional Onsite) Must Have: Active Information Systems Security Professional (CISSP) Mandatory Qualification: Leading data classification and categorization effort and documenting the results in accordance with Data Classification and Categorization Standards.

Working with customers to identify and document business impacts and system security classification and data categorization ratings.

Performing SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) common tools and provide results and remediation execution approach to management, developers, business analyst, and tester.

Developing and presenting security remediation approach to senior management, developers, business analysist, and testers, including an execution plan. Implementing ZeroTrust/Continuous authentication architectures.

Classifying issues identified via SAST and DAST tools based on risk and criticality. Documenting security reports for As is applications, developing security user stories and task for the developers to address security vulnerabilities.

Performing and collaborating on analysis with other technical staff to identify and document security issues for application components and supporting infrastructure, such as: Non-standard or low-security authentication methods for users, systems, and infrastructure Reused or common credentials User credentials in code Unencrypted end-user passwords and Personal Identifiable Information (PII) Missing security controls based on the data classification and categorization Collaborating with Software Developers to identify and document approaches to remediate security issues, including plans to validate security fixes and improvements.

Collaborate with developers implementing an IAM (Identity and Access Management) solution. Desired Qualification: Certified Information Systems Security Professional (CISSP) License. Ten (10) years or more of Security Engineer experience using Mend and Invicti or similar tools.

Minimum of five (5) years of experience supporting security practices in a cloud environment (AWS, Azure, etc. )