Cybersecurity Application Security Engineer

Trinity Industries

Trinity Industries is searching for a talented team player to fill the open position of Cybersecurity Application Security Engineer in our Dallas, Texas headquarters. 

The Application Security Engineer works within the Information Risk Management team and is a subject matter expert for the development, selection, and implementation of tools to support static, dynamic, and interactive application security testing, code genealogy reviews, evaluation of container, Infrastructure as code, orchestration/automation, and application integrations to ensure implementations adhere to documented cybersecurity policies, standards, requirements, and processes.

The Cybersecurity Application Development Engineer will act as a trusted advisor to internal and external stakeholders to promote secure software development practices. The successful candidate will work with IT and business partners to provide cybersecurity guidance, best practices, implementation requirements, and analysis of applications, source code, and service delivery to identify risk and recommend mitigations relating to the software development lifecycle.

This individual will deliver recommendations for policy, processes, and standards relating to the secure delivery of applications and services. This role requires deep technical knowledge in establishing a secure software development lifecycle (SSDLC), including application architecture, programming languages, CI/CD pipelines, and industry best practices related to secure software development.

The successful candidate will collaborate with development teams to assist with the delivery of secure solutions to support business strategies while protecting Trinity Industries, Inc.’s intellectual property, networks, partnerships, customers, and services.

What you'll do:

  • Provide guidance and support to IT and business partners in implementing secure coding practices and integrating security into the development lifecycle.
  • Collaborate with development teams to perform static, dynamic, and interactive application testing and secure source code, genealogy, and Software Bill of Materials reviews of proprietary applications including but not limited to web, mobile, and web service applications to identify vulnerabilities. Code reviews and software composition analysis may involve manual testing and analysis as well as use of automated application vulnerability scanning/testing tools.
  • Lead the development, evaluation, and implementation of vulnerability management tools and processes to support static, dynamic, and interactive application security testing as well as code genealogy, secure container, and Infrastructure as Code analysis.
  • Provide strategic direction for application security and vulnerability management programs across the enterprise.
  • Provide recommendations on Information Security policies, standards, processes, and defining governance procedures for secure application development.
  • Develop, enhance, and provide input into development of KPI, KRI and other metrics related to software vulnerability management.
  • Research and keep up to date with the latest security trends, vulnerabilities, and industry best practices, and ensure their integration into company software development processes.

What you'll need:

  • 3+ years of professional experience focused on Application Security.
  • 5+ years of professional experience in Application Development roles.
  • Experience with security concepts and tooling such as: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), and Web Application Penetration Testing.
  • Hands-on experience in secure application source code review, software composition analysis, and open-source library and artifact vulnerability management.
  • History of securing complex applications, preferably in a manufacturing setting.
  • Experience with multiple object-oriented programming languages, application architectures, and front-end frameworks.
  • Willingness to participate in Agile/Scrum development process.
  • Strong communication and technical skills with the ability to communicate between business and technical stakeholders.

Preferred Qualifications:

  • Experience with securing public cloud platform services such as AWS, Azure, Google.
  • Experience with secure CI/CD pipeline design and architecture, automation, and secure code gating.
  • CISSP, CCSP, CSSLP, or other relevant certifications
  • Experience supporting global organizations in the manufacturing industry.
  • Ability to adapt to a dynamic environment
  • Fluent in English and Spanish
Confirmed 31 minutes ago. Posted 30+ days ago.
