Senior Advisor- Application Security

What We'll Bring:At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation we're consistently exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius. Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.What You'll Bring:The TransUnion Cyber Security program seeks an application security advisor to help identify and mitigate application security vulnerabilities. This resource will serve on Transunion's application security team, where they'll perform core services that are essential to securing Transunion's business. The application security advisor should be well versed in multiple security domains with an emphasis on application security and on performing secure code reviews.

• Experience in multiple areas of Information Security
• Extensive experience in web application security testing
• Extensive experience in application security
• Extensive experience in performing secure code reviews (both automated and manual)
• Familiar with OWASP Top 10
• Familiar with development methodologies
• Experience with one or more programming languages
• Ability to automate repeatable tasks
• Strong verbal and written communication skills

• Development experience
• Experience working in large enterprises
• Familiarity or experience with CI/CD pipelines and Agile methodologies
• Experience working with AWS and cloud platforms
• One or more of the following certifications (or similar): GPEN, GWAPT, GWEB, OSCP, CISSP, eCPPT, etc.
• Familiarity with tools such as Veracode, Checkmarx, Fortify, Burp, IBM AppScan, and BlackDuck

• Conduct time boxed web application assessments
• Conduct remediation validations against prior findings
• Conduct manual code reviews
• Conduct static and dynamic code analysis
• Consult with developers and architects on secure development
• Work with application teams to communicate vulnerabilities, provide remediation guidance, demonstrate issues and work with developers to remediate and mitigate risks
• Work on and track tasks via TU's ticketing system
• Provide metrics related to your work on a bi-monthly basis
• Help build and improve operational processes
• Familiar with AWS and other cloud technologies
• Stay up to date on application security attack vectors and risks
• Mentor and train team members