Responsibilities
Core Responsibilities
- Work with Product Development teams to validate and prioritize the urgency of remediating identified product vulnerabilities and security feature enhancement requests.
- Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training.
- Develop and maintain the application security architecture, ensuring that it aligns with overall security strategy and standards.
- Evaluate, implement, and manage security tools and technologies that enhance the security posture of applications.
- Conduct risk assessments for applications to identify potential vulnerabilities and threats, develop strategies to mitigate these risks.
- Oversee and coordinate security testing activities, including static code analysis, dynamic application security testing, and penetration testing.
- Lead system hardening and remediation efforts, guiding developers and system administrators in addressing vulnerabilities and implementing security controls.
- Perform security assessments, penetration testing, and code reviews to identify potential flaws in code and mitigate vulnerabilities.
- Analyze security needs and software requirements to determine the feasibility of a design within time, cost, and security constraints.
- Perform threat modeling, risk assessment, and vulnerability management to identify potential security risks and work with development teams to implement appropriate security controls.
- Provide guidance and training to development teams on secure coding practices and promote security awareness across the organization.
- All other duties and projects as assigned.
Qualifications
Education
Bachelor's degree in Computer Science, Information Security, or a related field.
Experience
- 10+ years of experience with penetration testing tools such as Burp Suite.
- Experience with application security tools and IDE plug-ins, including HP Fortify.
- Experience securing enterprise web applications, and familiarity with the OWASP Top 10, CVSS, CWE, WASC, and SANS Top 25.
- Expertise in system hardening and remediation.
- Proficiency in security assessments, penetration testing, and code reviews.
- Expertise in threat modeling, risk assessment, and vulnerability management.
- Knowledge of federal compliance standards, including NIST SP 800-53 and the NIST Cybersecurity Framework (CSF).
- Strong leadership, communication, and interpersonal skills.
- Collaborative and effective in cross-functional team environments.
- Strong analytical skills to assess risks and vulnerabilities in complex systems.
Preferred Qualifications
- Professional certifications such as CISSP, CSSLP, or CEH.
- Cloud technology expertise: working knowledge of the enterprise technology stacks used to build applications in the cloud. An understanding of cloud infrastructure is needed to assess security aspects unique to cloud-based mobile applications and APIs.
- Cloud platform experience: working knowledge and practical experience in security testing within cloud platforms, particularly Azure. This familiarity is crucial for assessing the security of cloud-hosted mobile applications and APIs.
- Proficiency in scripting and automation for security testing.