American College of Radiology
IT Security Specialist (Information Technology)
The application security engineer position is designed to make certain that the security department is able to review any software developed or acquired by the organization and to ensure such software meets the organization's stringent standards while enabling rapid innovation to meet organization's ever-changing needs.
The application security engineer will be a security evangelist who translates security concepts into language that is meaningful to different audiences, including business & technical leaders/staff and individual contributors. The application security engineer must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security.
The application security engineer must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 to any audience, and discuss effective defensive techniques. It should be familiar with waterfall and agile development processes and work integrating secure development practices into both models. It should also become familiar with industry standards and regulations including PCI, HIPAA, GCP, HITRUST, and ISO27001.
Duties & Responsibilities: