Analyst/Developer - Specialty 4

12 month contract - 100% remote Our client is actively hiring for an Application Security Developer. This position will be fully remote but will be a collaborative role working with team members. You will be responsible for leading team meetings and running presentations. Day to Day Info:

• What are the day to day responsibilities? This role is for developer who will be interfacing with the web application, (anything internet accessible), application teams, and developers to ensure security tools are embedded into their processes, including CICD, and DevOps.
• Skills Requirements
  • (Top 3-5):
    • Application development
    • Programming experience
    • Java
    • .NET
    • Scanning application security background (such as Checkmarx or Fortify)
  • # of years: 5-10 years of application security

• Assist Team Leaders in execution of VM security operational processes and technologies.
• Provide support of operational tools and processes for dynamic application security testing (DAST), static application security testing (SAST).
• Provide technical expertise in the integration of security tools in CI/CD pipelines.
• Provide education and guidance about SAST/DAST tools and process best practices
• Provide input and support to leaders/peers from architecture, engineering, Cloud, and IT operations on architecting tools and solutions related to application security and vulnerability management.
• Obtain and maintain knowledge on existing security procedures and directives related to application security and vulnerability management. Provide overview of services and status of key project to stakeholders and security leadership.
• Provide strategic/thought leadership on maturing and optimizing Vulnerability Management Programs.
• Provide direction and support of operational tools and methods for identifying and communicating vulnerable items for Vulnerability Management (VM).
• Key contributor on team deliverables and key projects.
• Provide oversight for VM activities such as new tool implementation/investigation, significant changes, and process improvements.

• Bachelor's degree in Security Engineering/Architecture, Computer Science, Cybersecurity or a related field
• Three or more years' experience in direct job-related field (Security. Engineering/Architecture, Computer Science, Cybersecurity).
• At least five years of IT experience
• GIAC GWAPT, GWEB or GISCP certified preferred

• Experience with SAST tools - Fortify, Checkmarx.
• Experience with DAST tools - WebInspect, Acunetix.
• Understanding of the Secure Software Testing.
• Understanding of multi-tiered architecture.
• Experience developing and testing apps in .NET or Java and other leading modern programming languages and technologies.
• Experience with newer development frameworks.
• Experience performing mobile security reviews.
• Experience with cloud security: Amazon AWS, Windows Azure.
• Knowledge of information security frameworks, ISO 27001, 27002, NIST CSF, NIST 800-82.
• Good Knowledge of OWASP Guidelines for application security.
• Good Knowledge of software development processes, integration of security assessments in Software development life cycle (SDLC) process, secure coding is desirable.
• Understanding of web application firewall tools, concepts, methodologies.

• Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
• Exhibit strong influencing / negotiation skills as well as written/verbal communication skills and presentation skills.
• Ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required.
• Strong problem solving/analytical skills.