WashingtonRecruiter
the smart solution for Washington DC jobs

Application Security Engineer - Marriott International HQ (190012GI)

Company: Marriott International, Inc.
Location: Arlington
Posted on: April 18, 2019

Job Description:

Here's To Your Journey with Marriott International

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?

The Marriott International HQ located at 10400 Fernwood Road, Bethesda, MD 20817 is currently hiring an Application Security Engineer. Responsibilities include:

JOB SUMMARY

Performs security application source code reviews, application vulnerability testing and application threat assessments. Leverages advanced tools, methods and approaches to demonstrate weaknesses in applications. Responsible for assuring developers and technical personnel address application security issues in a timely fashion. Will routinely collaborate with different security team members including, but not limited to: architecture, infrastructure, network, compliance and incident response.

CANDIDATE PROFILE

Education and Experience

Required:
- Bachelor's degree in Computer Science or related field or equivalent experience/certification
- 3+ years working as a frontend or backend software developer
- Has written, tested and deployed at least one revenue generating web application
- Has worked as a developer on a team consisting of 5 or more software developers
- Expert level knowledge of at least one compiled programming language
- Expert level knowledge of at least one interpreted programming language
- Ability to write a software specification
- Knows how to perform an application stress test
- Ability to conduct independent research
- Strong understanding of HTML, HTTP, JSON, and XML
- Ability to fluently write, read, debug and test applications written in Java and JavaScript
- Understanding of web service implementation paradigms (REST, SOAP)
- Familiar with OWASP and the common flagship projects
- Basic understanding of Cryptography concepts: hashing, signing, symmetric/asymmetric encryption and decryption
- Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Reverse Shells, Firewalls
- Basic understanding of defensive programming and test-driven development
- Knows how to perform common application exploits: XSS, SQL Injection, UI Redressing, Directory Browsing, Log Forging
- Basic understanding of microservice application architecture, software cohesion and software coupling
- Willing to write tools as necessary to perform day to day duties
- Comfortable learning new programming languages as needed to conduct code reviews

Preferred:
- Current information security and/or software development certification, including Certified Secure Lifecycle Professional (CSSLP), Professional Software Engineering Master (PSEM), Certified Software Development Professional (CSDP), GIAC Secure Software Programmer (GSSP)
- Expert level knowledge of static analysis tools and methods
- Expert level knowledge of dynamic analysis tools and methods
- Advanced knowledge of software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OSP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)
- Strong understanding of SAML, OAuth and OIDC
- Strong understanding of common cryptographic algorithms and libraries
- Experience with mobile application development on Android or iOS
- 2+ years working as full stack software developer
- 1+ years working in a software QA role
- Comfortable with the following tools and technologies: Git, ZAP or BurpSuite, Postman, SoapUI, Jenkins, Artifactory, SonarQube, FindBugs, Docker, JIRA, Confluence

CORE WORK ACTIVITIES

Security Assessments
- Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.
- Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery.
- Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
- Works with other security team members to research and test for complex security issues.
- Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws.
- Validates external security researcher bug bounty submissions.
- Works closely with service providers and external security support resources to schedule, track and manage outsourced security testing efforts.
- Creates and/or maintains threat models to communicate risks to engineers, project managers and other technical personnel.
- Ensures applications are built according to enterprise security standards.

Source Code Reviews
- Works with development teams to review application source code for security and operational risks.
- Performs manual code reviews of applications that are not compatible with automated SAST tools.
- Provides detailed security documentation to developers, software engineers and technical personnel when necessary.
- Provides guidance and recommendations to software architects and engineers on how to correct code-related security flaws.

Administrative
- Participates in peer reviews of security assessments created by other team members.
- Manages tickets and SLAs associated with security testing efforts.
- Maintains the enterprise SSDLC standard.

MANAGEMENT COMPETENCIES

Leadership
- Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.
- Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.
- Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.
- Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.
- Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.

Managing Execution
- Strategy Execution - Ensures successful execution of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.
- Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment of goals; proactively takes action and goes beyond what is required.

Building Relationships
- Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards.
- Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.
- Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.

Generating Talent and Organizational Capability
- Developing Others - Supports the development of others' skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively.
- Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.

Learning and Applying Professional Expertise
- Continuous Learning - Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.
- Technical Acumen - Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges.

To apply now, go to: https://jobs.marriott.com/marriott/jobs/190012GI?%3Flang=en-us

Marriott International is consistently recognized as an employer of choice globally by FORTUNE magazine, DiversityInc and Great Places to Work Institute, among others. Visit www.marriott.com/careers to learn more about our workplace culture and career opportunities.

Chat, engage and follow us on social media:
- https://www.facebook.com/marriottjobsandcareers
- http://www.twitter.com/marriottcareers
- http://www.linkedin.com/company/marriott-international
- http://www.instagram.com/marriottcareers
- @lifeatmarriott on Snapchat

So, we ask, where will your journey take you?

Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.
