Vacancy expired!
- Audit and support Application Services project delivery teams to ensure they are leveraging best practices and building an appropriate level of security into customer software.
- Assess and test software and systems for potential vulnerabilities and communicate findings to teams and customers.
- Build threat models and control catalogs for software teams; stay current on emerging threats.
- Support enterprise security goals including PCI compliance and other privacy requirements.
- Develop test plans, automation, and processes to validate that application security controls and features are correct and complete; audit controls and identify areas for improvement.
- Select, deploy, and configure tools for security testing of applications and systems.
- Capture and communicate security metrics for environments, systems, and applications.
- Compiles, maintains, and documents a collection of software that can trace the source of and otherwise investigate attacks on the systems
- Acts as a technical resource on information security incident investigations and forensic technical analyses.
- Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
- Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
- Review and analyze existing processes and suggest improvements for increased security and efficiency
- Serves as an active member of the incident response team and participates in security incident response efforts by, among other things, having an in-depth knowledge of security systems, common security exploits, vulnerabilities, and countermeasures
- Bachelor’s degree in Computer Science, Cybersecurity or a related field, or minimum of 5 years' experience in a related role or field.
- Strong technical background and understanding of systems architecture and infrastructure, information security, and automation tools e.g., Terraform, Chef, Puppet, Ansible, Maven.
- Strong understanding of Agile SDLC and DevSecOps concepts and practices.
- Familiarity with web application frameworks, API technologies, and micro services.
- Experience in one or more Object-Oriented programming language.
- Experience in one or more vulnerability management platforms e.g., Tenable Security Center or Qualys.
- Experience in one or more scripting languages (bash, python, power shell, etc.).
- Experience applying security standards/guidelines (such as OWASP, CIS, etc.)
- Strong understanding of Linux and Windows administration.
- Strong understanding of Azure and Amazon Web Services
- Strong understanding of fundamental TCP/IP and related network services (e.g. DNS, NTP, SNMP, SMTP, etc.) and network security design concepts.
- Experience in 2 or more application security domains (e.g., Secure Coding, Cryptography, Penetration Testing, Vulnerability Assessment, Static and Dynamic Application Security Testing et.)
- Integration level knowledge of API Security Architecture, and technologies such as, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML.
- Ability to solve complex problems and communicate risks and technical concepts to both technical and non-technical audiences.
- Excellent verbal and written communication skills.
- Ability to context-switch between multiple projects, codebases, and concepts with ease.
- Certified Application Security Engineer (CASE) or Certified Ethical Hacker (CEH) Certification
- ID: #23904407
- State: Arizona Scottsdale 85250 Scottsdale USA
- City: Scottsdale
- Salary: $100,000 - $125,000
- Job type: Permanent
- Showed: 2021-12-05
- Deadline: 2022-01-30
- Category: Systems/networking