Vacancy expired!
- Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits
- Provide guidance on existing and emerging threats in the web and mobile application space as they apply within the environment
- Facilitate application demonstration sessions with developers and application owners to educate the Application Security team on application functionality prior to performing technical security assessments
- Assist in conducting and facilitating security reviews, as directed by senior team members, throughout the application development lifecycle
- Perform and improve security assessments for applications across the enterprise
- Document application security vulnerabilities within the organization's tracking system
- Communicate vulnerabilities to application stakeholders
- Assist in communicating technical application security concepts to customers, including developers, architects, and managers
- Assist in training customer staff on application security and remediation of application security code defects
- Identify enhancements to tools, standards, and processes
- Provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Application Risk program on a global basis
- 1-2 years of direct enterprise-level software development experience
- Java/JSP
- .Net Framework (C#, VB, ASP)
- Web Applications (N-Tier)
- Mobile/Application Services
- 1-2 years of direct application security and/or security developer experience
- Demonstrate knowledge of web application vulnerabilities and web application business logic flaws and threats
- Demonstrate understanding of application architectures and technology, including web applications, mobile technology, data encryption, and identity and access management
- Hands-on experience with manual vulnerability testing and static code analysis is strongly desired
- Experience with tools such as Burp Suite, ZAP Proxy, Metasploit, and other open-source security tools
- Must have an understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols
- Experience with OWASP Top 10, SANS 25, NIST, and CVE
- Written and verbal communication skills are critical
- Adept at communicating concepts to diverse audiences with varying skill sets
- Certification such as OSCP, OSWE, or ECSA is a plus