Application Security Specialist

(#jobs) We are looking for an Application Security specialist with 10+ years of extensive experience & knowledge in developing security solutions & providing governance for both cloud and on-premise applications. The individual will possess a strong understanding of application technology stack, development methodologies and secure development controls. He will also possess a keen eye for detail and be able to identify security issues in application architecture. Essential Functions • Work with Enterprise Architecture teams to conduct application design reviews. Identify threats and potential security issues and help the teams with practical secure control recommendations • Develop security metrics & measurement capability to demonstrate application security and SDLC security activities • Act as a trusted security consultant across the global enterprise • Provide technical security leadership to app dev architects and software developers for secure software development using both agile and traditional waterfall methodologies • Stay current with attacks, industry trends and threat mitigation measures in the application security space • Communicate timely and accurately - project related security risks and countermeasures to information to relevant parties • Seeks for innovation and creativity in security solutions Required Skills/Experience • Expert level knowledge in SAST, DAST, IAST, RASP, WAF and related technologies • In depth knowledge of OWAP Top 10, SANS CWE top 25 and other application level risks and attacks • In depth knowledge of Secure Design Review and Threat Modeling methodologies • Experience in HTML, Java, JavaScript, and .Net, and scripting languages like Python, C Shell, Perl etc. • Experience with Web Services security (REST, SOAP, XML, etc.) • Experience with scripting languages such as Python, C Shell, Perl etc. • Experience with API gateways and authentication protocols such as OAuth, OpenID Connect and SAML • Familiarity with Cloud security controls for SaaS, IaaS, and PaaS • Familiarity with static code analysis tools like IBM Appscan, HP Fortify, & Veracode. • Familiarity with container technologies such as Docker, Kubernetes. • Familiarity with DevOps processes & principles. • Strong written and oral communication skills.