Vacancy expired!
- Partner with application development and other technical teams to perform security architecture reviews.
- Conduct application security assessments and perform source code reviews in order to identify vulnerabilities; advise on mitigation solutions.
- Articulate and highlight common threats and vulnerability vectors to application security, including denial of service, buffer overflows, and input validation.
- Perform web application security testing using manual and automated tools (Burp Suite, etc.).
- Act as a subject matter expert on Java and .NET security architecture.
- Ensure security is being adhered to at each stage of the Software Development Lifecycle (SDLC).
- Assess business requirements and use cases in order to facilitate the adoption of application security controls.
- Develop secure coding standards and evangelize to appropriate technical staff.
- Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
- Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
- Develop and share application security expertise within the broader Information Security team.
- In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
- Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
- Participate in security incident handling and investigations as required.
- Interact and manage vendors, outsourcers, and contractors regarding security products and services.
- Manage and/or provide guidance to junior members of the team.
- Minimum Required:
- Minimum 7 years' experience in information security.
- Proven experience in application security, with some experience in developing web and mobile applications.
- Comfortable with scripting (PowerShell, Python, etc.).
- Familiarity with static code analysis platforms such as Veracode or HP Fortify.
- Understanding and experience in securing OWASP Top 10 with substantial knowledge in mitigating XSS, SQL injection, and CSRF.
- Strong understanding of the HTTP protocol.
- Proven experience with information security best practices.
- Proven project management and organizational skills, specifically managing multiple, concurrent projects.
- Strong interpersonal, written, and oral communication skills.
- Highly self-motivated and directed professional, with keen attention to detail.
- Excellent analytical, problem-solving and decision-making abilities.
- Able to effectively prioritize tasks in a high-pressure environment.
- Strong customer service and solution-focused orientation.
- Experience working in a team-oriented, collaborative environment.
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired.
- CISSP certification desired.
- Prior contribution to the broader security community (research, CVEs, etc.).
- Experience with Node.js.
- Understanding of industry standards and compliance requirements related to information security and application security, especially ISO 27001, HIPAA, and PCI DSS.
- ID: #40977040
- State: North Carolina Burlington 27215 Burlington USA
- City: Burlington
- Salary: Depends on Experience
- Job type: Contract
- Showed: 2022-05-16
- Deadline: 2022-07-12
- Category: Security