We Are Hiring

Senior Application Security Specialist - Infra Security - Full-Time, Days - Chicago, IL

Why Join Ascension?

What You Will Do

Job Summary:

The Senior Application Security Specialist will lead the evaluation of the security posture of Web Applications, Mobile Applications, API’s and Web Services hosted both on-premises and in the cloud. The specialist will work jointly with Product Development Teams and Architects to review application code, identify potential security issues, and suggest/track remediations for applications and back-end systems. Conduct web and mobile application security vulnerability assessments using Static Application Security Testing (SAST), Software Composition Analysis (SCA), and / or Dynamic Application Security Testing (DAST) using scanning tools and manual checks to provide visibility to the appropriate development teams in order to coordinate follow-up. An understanding of modern web application development languages is necessary to communicate mitigating controls and potential remediation activities.  Familiarity will Continuous Integration/Continuous Delivery (CI/CD) is also required.

Responsibilities:

• Align application security strategy with business goals.

• Partner with developers to refine security checkpoints in the SDLC that are based industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.

• Develop policy and relevant guidelines to define security and operational requirements.

• Translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

• Manage and executes strategies to increase application security knowledge throughout the enterprise.

• Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.

• Use tools and manual testing to perform code security analysts to identify vulnerabilities and attack vectors in web applications.

• Work with information security analysts to refine web application penetration testing methods and breadth of security services.

• Obtain and review all required artifacts as part of various security checkpoint phases in the development lifecycle cycle.

• Collaborate with periodic security risk assessments, IT security audits, and management reporting.

• Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.

• Mentor and train less experienced personnel

What You Will Need

Education:

• High school diploma/GED with 2 years of experience, or Associate's degree, or Bachelor's degree required

• Bachelor's degree preferred or equivalent work experience.

Work Experience:

• 1 year of experience required.

• Three years of experience with a focus on web application security methods preferred.

• Security risk assessment and systems security audit work experience is highly desired.

• Experience working with common application security tools such as Fortify or BurpSuite is a plus.

• CISSP, CEH or other technical security certifications preferred

• Self-starter with the ability to perform tasks as an individual contributor or as a project lead.

Equal Employment Opportunity

Ascension Technologies is an EEO/AA Employer M/F/Disability/Vet. Please click the link below for more information.

http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

EEO is the Law Poster Supplement

http://www.dol.gov/ofccp/regs/compliance/posters/pdf/ofccp_eeo_supplement_final_jrf_qa_508c.pdf

E-Verify Statement

Ascension Technologies participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.

E-Verify (link to E-verify site)