Friday, September 27, 2019

Sr. Application Security Engineer

Sr. Application Security Engineer-(937597N)
Job Responsibilities 
  1. Maintain the day to day operations, configuration and scaling of the SAST, DAST, CLM & Mobile Automated assessments
  2. Assist with the development and maintenance of automations as part of the enterprise DevSecOps model to ensure assessments are being performed regularly and data results are available for consumption by stakeholders
  3. Be subject matter expert on common web application security findings such as the OWASP top 10 and provide remediation recommendations
  4. Assist with false positive reports from developers for findings from the static or dynamic assessment platforms and develop false positive reduction strategies and guidance
  5. Support triage and validation of security vulnerabilities detected in production and/or reported via responsible disclosure processes
  6. Maintain and compose operational process documentation regarding program execution.
  7. Interface with other CIS organizations such as Governance, Risk, Business Information Security and Threat Intelligence to report on program status and coordinate risk identification
What We're Looking For:
To make it clear, we're not looking for just anyone. We're looking for someone special, someone who
has in-depth experience and clearly demonstrates these skills:
  1. Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience
  2. 5+ years of IT professional experience, with previous information security experience
  3. Direct experience maintaining enterprise level static & web application assessment platforms such as Microfocus Fortify & WebInspect, Veracode, WhiteHat, AppSpider, etc
  4. Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues
  5. Expertise in interpreted languages (Python, Javascript) and compiled languages (Java, .Net) with full-stack development experience and strong knowledge of software development lifecycles
  6. Previous experience deploying and maintaining configuration as code systems, services, containers and applications in AWS, Azure and/or GCP
  7. Experience with data analytics with the ability to provide qualitative analysis and recommendations
  8. Strong verbal and written communication skills
  9. Strong attention to detail, data accuracy, and data analysis
  10. Self-motivated and operates with a high sense of urgency and a high level of integrity
Previous experience working in large scale environments with diverse technologies

Required

  • .NET
  • DATA ANALYSIS
  • DATA ANALYTICS
  • GCP
  • INFORMATION SECURITY

Additional

  • JAVA
  • JAVASCRIPT
  • MICROFOCUS
  • PYTHON
  • QUALITATIVE ANALYSIS
  • SECURITY
  • SOFTWARE DEVELOPMENT
  • CODING
  • CYBER SECURITY
  • DOCUMENTATION
  • ENGINEER
  • GOVERNANCE
  • MAINTENANCE
  • MARKETING ANALYSIS
  • MICRO FOCUS
  • OPERATIONS
  • PROCESS DOCUMENTATION
  • QUANTITATIVE
  • REMEDIATION
  • STRUCTURED SOFTWARE
  • SUBJECT MATTER EXPERT


Jessica Hughes | Centizen, Inc. | 503-922-0469