- Leadership:
- Determine application security requirements by evaluating business strategies and requirements against established security standards, risk assessment methodology, and client requirements
- Provide guidance to Information Security and Development teams on secure coding best practices
- Serve as subject matter expert on application security tools and techniques
- Work with the Director of Information Security to stand up a repeatable process that can be used to assess all applications in the pipeline for risk
- Risk and Threat Management:
- Perform risk analysis to determine risk profile of internal applications and in turn determine required security posture for internal applications
- Understand and evaluate the cyber threat landscape and assist in threat modeling activities
- Assist with creating and tuning application security monitoring use cases
- Research and Analysis:
- Perform technical research into advanced, targeted attacks, campaigns, malware and other emerging technologies and techniques to identify and report on application security cyber-attacks
- Conduct application penetration testing, as needed, to verify security measures are sufficient
- Identify common coding flaws at a high level. Evaluate open source and third-party software components for potential security flaws and vulnerabilities
- Conduct insightful research on observed and noteworthy application threats, as discovered using open and proprietary sources as well as vendor-provided intelligence
- Assess behavioral and atomic threat indicators and their fidelity, and distribute indicators to applicable teams for ingestion
- Audit and Reporting:
- Track and report progress on software assurance security initiatives to management
- Create application security reports aligned with OWASP Top 10, PCI, HITRUST, etc.
- Bachelor’s degree in a Computer Science-related field or equivalent work experience
- Strong software development skills in .NET, C#, Java or Python
- Understanding of secure code review in technologies such as ASP.NET, C#, JavaScript, jQuery, JSON, Python, Node.js, web APIs
- Knowledge of SQL / NoSQL databases, including MSSQL, Postgres, MongoDB
- Familiarity with common web application testing tools for Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Interactive Application Security Testing (IAST) analysis
- Experience integrating security into DevOps environments and the use of tools such as Checkmarx
- Experience with application penetration testing using tools such as Burp Suite and Metasploit
- Experience with Identity Access Management technologies (e.g., SAML, LDAP)
- Familiarity with Web Application Firewalls (WAF) and reverse proxies
- Ability to adjust and adapt in a fast-paced and dynamic environment
- Ability to communicate technical problems, vulnerability, and risk into a business
- Ability to make sound decisions and possess excellent problem-solving skills
- We are passionate about empowering our employees to be extraordinary – and they continue to come through. So, if you are an Innovator, Collaborator and Doer, then welcome home.