Vacancy expired!
- Help lead the Secure DevOps application security program by building, executing, and documenting a Secure Software Development Lifecycle
- Utilization and maintenance of SAST/DAST tools including upgrades, reconfigurations, knowledge of vulnerabilities and experience integrating with build servers, bug tracking and ticketing solutions
- Application security insight and implementation of best practices regarding security in software development, IoT platform, mobile application, user interface design frameworks, high performance messaging solutions and cloud-based solutions
- Demonstrate subject matter expertise (SME) in securing both web and mobile applications against common issues (including OWASP Top 10), to include:
- Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
- Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate these vulnerabilities
- Determine security requirements based on business needs, knowing information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing cost estimates
- Work with corporate security governance team to comply with internal SLA and policies
- Research security technologies and maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions.
- 5-7+ years in application security (prefer 1-2+ prior years in development)
- Advanced written and oral communication skills with the ability to give a program overview to senior level leadership and clients.
- Able to build and manage a professional development and training program for Application Security Engineers and Architects
- Technical knowledge and experience performing code reviews / reviewing results of static analysis tools (preferred)
- Foundational knowledge of NIST 800-53 and the NIST Cyber Security Framework (CSF)
- Experience building out and operating a Secure DevOps program
- Experience working with common commercially available and Open Source Dynamic and Static Application Security Testing solutions
- Extensive enterprise development experience in Java and/or .NET languages (preferred)
- Proven understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
- Certified in at least one of the following: GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM or other incident response certifications.
- Ability to travel (less than 20%)
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off