IT - Systems Integration
Mar 18, 2018
Our client is the leader in eCommerce security and compliance. Enforced by technology, infrastructure and governance processes, the application security program is designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet customers' ever-changing needs.
We are looking for an Application Security Specialist to join our growing information security and development teams. The Application Security Specialist will help shape software security innovation and play a key role in the evolution of current and future product development.
- Integrating security tools, standards, and processes into the software development life cycle (SDLC)
- Ensuring developers and QA personnel are trained with the appropriate level of software security knowledge to perform their daily activities
- Improving and supporting application security tool deployments including static analysis and dynamic (runtime) testing tools
- Improving and maintaining secure development standards
- Supporting incident response and architecture review processes whenever application security expertise is needed
- Managing routine penetration testing services, including both expert consulting and managed services
- Providing manual penetration testing and standards gap analysis services to internal business and technology partners
- Managing application security framework and security technology improvement projects
- Supporting Vendor Security activities (part of supply chain risk management processes) to ensure third-party software and development meet security standards
- Integrating threat modeling practices into the product development life cycle
- Providing security requirements for test-driven design
- Producing metrics reporting the state of application security programs and performance of development teams against requirements
What you bring:
- The candidate should have familiarity with a variety of development and testing tools, including: IntelliJ, Git, Jira, Confluence, Maven, New Relic, Chef/Puppet, Jenkins, Ansible, Selenium, Docker, Kubernetes, Nagios, Zabbix, Elasticsearch and ELK, Nexus
- Candidate should also have expert hands-on experience working with one or more SAST, DAST and IAST tools such as Veracode, Coverity, Fortify or AppScan
- Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE Top 25 to any audience, and discuss effective defensive techniques
Mandatory minimum requirements:
- Bachelor's degree in Computer Science, mathematics, physical sciences or engineering fields.
- One of the following certifications is mandatory: (ISC)2: CISSP, CCSP or CSSLP
- Familiarity with industry standards and regulations including PCI-DSS, SOC1, SOC2 and ISO27001 is mandatory for the role.
- 5-10 years of relevant work experience.
- Experience with cyber security attacks and best-practice mitigation methods.
- Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection
- Expertise in employing analytics and threat intelligence techniques; incident response process; software security
- IT supply-chain risk management and assurance; cloud security operations