Application Security Advisor
What we’ll bring:
· A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools.
· Flexible time off (unlimited), workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and trainings.
· Our culture encourages our people to hone current skills and build new capabilities.
What you’ll bring:
· 5+ years of experience in Information Security or related field
· 8+ years of experience in application development (HTML/CSS, HTTPS, Python, Java/JavaScript, .NET, C++/C#, Ruby)
· 3+ years of experience with Application Security & Application Penetration Testing
· Strong understanding of the variety of application development architectures, platforms, methodologies, and supporting operations.
· Understanding of network protocols coupled with experience in one or more of the following: web proxies, web application firewalls, and vulnerability assessment tools
· Experience with JavaScript frameworks such as Angular, Node, Express
· Experience working in a team-oriented, collaborative environment with a high level of analytical and problem-solving abilities
· Ability to effectively prioritize and execute tasks in a high-pressure environment
· Positive attitude with strong oral and written communication skills
· 4-year college degree in Computer Science or equivalent experience
· Excellent attention to detail
We’d love to see:
· Familiarity or experience with CI/CD systems
· One or more of the following certifications (or similar): GPEN, GWAPT, GWEB, OSCP, CASS, CISSP, eCPPT, etc.
· Familiarity with tools such as Veracode, HP WebInspect and BlackDuck
Impact you’ll make:
· Provide expert-level security consultation to project teams, application owners, and general technology teams on relevant security controls and Secure-SDLC process requirements
· Build and monitor systems that ensure application security policies, coding standards and required security controls are being followed and are appropriately mitigating threats
· Oversee required security education initiatives and foster a security-conscious culture within AppDev teams
· Develop, enhance, and participate, as needed, in the security portion of the Secure-SDLC
· Assist development and QA teams to perform static and dynamic testing. Analyze and provide remediation guidance for identified vulnerabilities; validate and verify remediation implementation
· Participate in and lead Information Security projects to expand AppSec capabilities
· Participate in security architecture reviews and exception approval processes
· Create meaningful metrics to demonstrate the effectiveness of security controls and security team operations
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.