At TE, you will unleash your potential working with people from diverse backgrounds and industries to create a safer, sustainable and more connected world.
Job Overview
As an Application Security Engineer, you will play a critical role in safeguarding our organization’s digital assets. You will be responsible for both traditional security engineering tasks and the development and implementation of a comprehensive Application Security (AppSec) program from the ground up. This includes identifying vulnerabilities in our applications, creating security policies and procedures, and educating teams on secure coding practices.
Responsibilities:
1. Application Security:
o Design, develop, and implement a robust Application Security program.
o Create and maintain application security policies, standards, and procedures.
o Work with the relevant teams to better integrate security into their software development lifecycle (SDLC) processes.
o Establish metrics and reporting mechanisms to track the effectiveness of the AppSec program.
o Conduct regular security assessments including static and dynamic code analysis (Whitehat).
o Perform penetration testing on applications and systems to identify and exploit vulnerabilities.
o Collaborate with development teams to remediate identified security issues and vulnerabilities.
o Become an expert on TE’s various applications and their criticality to TE and our customers.
2. Security Engineering:
o Perform traditional Information Security Engineering tasks and responsibilities.
o Develop a strong command of our security stack, including but not limited to SIEM(Devo), SOAR(Rapid7 and Devo), EDR/Container Security(Crowdstrike) and more.
o Be involved in triaging and responding to potential security incidents, emerging threats and new vulnerabilities.
o Provide security design reviews and consultations for new and existing projects.
3. Secure Coding Practices:
o Develop and deliver training programs on secure coding practices for development teams.
o Stay up-to-date with the latest threats, vulnerabilities, and security trends to advise on best practices.
o Assist in integrating security into continuous integration/continuous deployment (CI/CD) pipelines and establishing the Information Security Engineering team (ISE) as a Center of Excellence (COE) for AppSec.
4. Incident Response and Management:
o Participate in the incident response process, focusing on application-related security incidents.
o Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence.
5. Collaboration and Communication:
o Work closely with development, operations, and other IT teams to integrate security seamlessly into development and operational processes.
o Act as a security advocate and advisor, fostering a culture of security awareness and best practices.
6. Documentation and Reporting:
o Maintain comprehensive documentation for all aspects of the AppSec program.
o Prepare and deliver reports to stakeholders, summarizing findings, risks, and remediation efforts.
What your background should look like:
• Education: Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degrees or certifications (e.g., CISSP, CEH, OSCP) are a plus.
• Experience:
o Minimum of 3-5 years of experience in application security or related field.
o Proven experience in developing and implementing application security programs. (Project/Program management skills)
o Strong knowledge of security best practices and standards such as OWASP Top Ten, NIST, or similar frameworks.
Soar experience. CICD pipeline. Penetration testing for application/infrastructure and application threat modeling are a plus!
• Skills:
o Proficiency in security assessment tools (e.g., static and dynamic analysis tools, vulnerability scanners).
o Experience with programming languages and development frameworks (e.g., Java, C#, Python, JavaScript).
o Ability to Code.
o Understanding of various API’s (REST) API Frameworks and API Security.
o Familiarity with security features in cloud platforms (AWS and Azure).
o Experience with WAF’s (web application firewalls) and WAF logs.
o Experience automating or using automation tools and frameworks.
o Experience evaluating infrastructure as code, AMI’s, or containers for security vulnerabilities.
o Experience with both SIEM and SOAR tools.
o Experience with application logs, logging architecture and logging methodology in general.
o Strong general information security principles.
o Understanding of common application security vulnerabilities and their remediations (OWASP Top 10).
o Some experience with Container security and container security solutions for Docker, K8’s, ECS, AKS and Fargate.
Competencies
Values: Integrity, Accountability, Inclusion, Innovation, Teamwork
ABOUT TE CONNECTIVITY
TE Connectivity is a global industrial technology leader creating a safer, sustainable, productive, and connected future. Our broad range of connectivity and sensor solutions enable the distribution of power, signal and data to advance next-generation transportation, renewable energy, automated factories, data centers, medical technology and more. With more than 85,000 employees, including 8,000 engineers, working alongside customers in approximately 140 countries. TE ensures that EVERY CONNECTION COUNTS. Learn more at www.te.com and on LinkedIn, Facebook, WeChat, Instagram and X (formerly Twitter).
COMPENSATION
• Competitive base salary commensurate with experience: $116,560-174,840 (subject to change dependent on physical location)
• Posted salary ranges are made in good faith. TE Connectivity reserves the right to adjust ranges depending on the experience/qualification of the selected candidate as well as internal and external equity.
• Total Compensation = Base Salary + Incentive(s) + Benefits
BENEFITS
• A comprehensive benefits package including health insurance, 401(k), disability, life insurance, employee stock purchase plan, paid time off and voluntary benefits.
EOE, Including Disability/Vets