Vacancy expired!
- Work closely with Application Development, Quality Assurance, Technical Services and business teams to ensure our solutions are highly secure
- Leverage your advanced application security knowledge when leading security review sessions, participating in design sessions, defining functional requirements, and developing testing scenarios
- Ensure that risks are identified
- Partner with the Application Development teams to ensure mitigation plans are developed and executed
- Embrace and recommend secure development practices to reduce design flaws which could lead to exploitation
- Collaborate with team members on broader information security program maturity efforts, strategic thinking, and other security-related initiatives
- Responsible for application security standards, assessments and code review as part of the software development lifecycle
- Collaborate with teams to perform internal and 3rd-party vulnerability and penetration testing
- Coordinate with QA testers and developers to conduct repetitive validation testing throughout the development lifecycle
- Leverage technical application testing capabilities to qualify findings and provide more specific remediation recommendations for resolution while reducing false positives
- Focus on automation to aid in efficiencies with testing and remediation of security findings
- Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing
- Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place
- Drive security awareness and evaluation earlier in the development lifecycle
- Develop and leverage a technical security review process to ensure an automated and repeatable processes are managed
- Utilize security standards and implementation configurations, and common security frameworks
- Align with architects and development teams for a mission of secure design
- Actively participate and lead security team meetings that facilitate secure design
- Address service and escalation tickets within SLA expectations
- Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted
- Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes
- Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle
- Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls
- Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
- Assist with periodic security risk assessments, IT security audits, and management reporting
- Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Service (AWS), Microsoft Azure, and other SaaS applications and cloud platforms
- Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
- Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders
- BA / BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture
- Minimum 7 years’ experience with most or all the following - Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts
- DAST / SAST / IAST solution evaluation, selection, implementation, operational use
- Microsoft Azure and Dynamics 365 roles, permissions definition and provisioning
- Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams
- Experience with Agile and DevOps development principles and processes
- Understanding of all phases of product, software, and testing lifecycles
- Clear and concise verbal and written communication skills
- Excellent presentation skills
- Ability to flow smoothly between strategic planning and tactical execution
- .NET development or support experience highly preferred
- 3+ years of experience in healthcare, finance or benefits administration
- Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools
- Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions
- Knowledgeable in SDLC, Agile and/or Waterfall methodologies
- Knowledge of threat modeling and countermeasures
- Experience with conducting Security Code Reviews
- General knowledge of databases, applications, system interfaces, and operating systems
- Understanding of relational databases, structures and design
- Moderate SQL knowledge
- JAVA development or support experience
- Experience with forensics and vulnerability management systems
- Industry education and/or certifications are preferred
- Ability to read and understand code, and ability to script
- Familiarity with Web Application Firewalls
- Ability to work independently and in a team-oriented, collaborative environment
- Must be able to learn, understand and apply new technologies
- Knowledge of application development security best practices as they relate to policies and procedures, configuration, and implementation
- Knowledge of cloud environments including security, configuration, and management
Vacancy expired!