Vacancy expired!
- Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
- Researches information security standards; conducts application security and vulnerability analyses and risk assessments; researches threats and attack vectors that impact applications. An example would be interpreting a SOC 2 report from a vendor to determine if the technical requirements of a control are met.
- Makes recommendations on toolset modifications and improvements, improvements on development processes and production application security support.
- Technically mentors associates within the department. Provides training and guidance to team members as required.
- Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.
- Participates in automation of scanning and workflows around an internal application security framework.
- Ensures teams are validating for OWASP and performing industry-leading application security practices such as the NIST Cybersecurity Framework.
- Performs other duties as assigned.
- 8+ years of relevant work experience.
- Experience in application vulnerability assessments, testing and execution.
- Broad experience in quality assurance and software development with security testing/development as a focus area.
- Advanced experience in security testing tools such as Burp Suite, ZAP, or similar tools. Strong background with application security assessments.
- 4+ years of hands-on system administration and scripting experience (SQL, PL/SQL scripting and Oracle Database tools).
- Experience in programming languages like Java, .NET, Perl/Shell/AWK scripting is a plus.
- Awareness of advanced automation scripting and automation testing tools.
- Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Experience in application technology security testing (white box, black box and code review).
- SAML, OAuth, cloud authentication/authorization mechanisms, and secrets management
- SDLC
Preferred Experiences
- 5+ years' experience in systems and network monitoring technologies and tools
- 4 or more years' experience in designing solutions or applications with programming technologies and tools
- Experience working with Cisco/Juniper network equipment devices is a plus.
- 2+ years of experience with public and hybrid cloud environments.
- Insurance industry knowledge
- SANS GIAC
- CISSP