Sunday, February 28, 2021

Application Security Architect - Penetration Testing (8-13 yrs) (Cynosure Corporate Solutions)

Key Responsibilities:

- Integrating security tools, standards, and processes into the product life cycle (PLC)

- Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities

- Improving and supporting application security tool deployments including static analysis and runtime testing tools

- Improving and maintaining secure development standards

- Supporting the incident response and architecture review processes whenever application security expertise is needed

- Managing annual penetration testing services, including both expert consulting and managed service.

- Providing manual penetration testing and standards gap analysis services to internal business and technology partners

- Managing application framework and perimeter security improvement projects.

- Supporting vendor security activities to ensure third-party software and development meets security standards

- Providing security requirements for test-driven design

- Producing metrics reporting the state of application security programs and performance of development teams against requirements

- Identifying application security risks and requirements for new projects and system developments

- Enforcing security policies and procedures concerning production infrastructure

- Leading security architecture reviews

- Integrating threat modeling practices into the product lifecycle

- Performing security architecture and low-level application security design reviews covering data protection, authentication and authorization, web application security, and network security

- Signing off on application security prior to live implementation

- Working with the architecture and development teams to review code for security vulnerabilities and to embed and improve security threat modelling and secure coding in the development lifecycle

- Ensuring that necessary controls and processes exist to appropriately correlate and assess security events

Essential

- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.

- In-depth understanding of secure web application development, Java, Java development frameworks, PHP, web services, SOAP, and APIs

- Experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript. The candidate should have familiarity with a variety of development and testing tools, including Eclipse, Git, GCC, JIRA, Subversion, Maven, ClearQuest/ClearCase, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect

- Experience in application technology security testing (white box, black box and code review)

- Experience of web application and Agile development methodologies

- Understanding and familiarity with common code review methods and standards

- Understanding of Apache web server and Unix server operating systems

- Understanding of HTTP and web programming

- Knowledge of standard SDLC practices

- Knowledge of common security requirements within ASP.NET application

Skills/ Abilities/ Knowledge

- Highly developed organizational skills and attention to detail

- Ability to handle multiple projects and priorities simultaneously with a high degree of professionalism and client service orientation

- Excellent interpersonal and leadership skills

- Proven communication skills, both verbal and written

- Able to communicate effectively with internal personnel and clients on all levels

Desirable

- Good at building relationships with key internal and external stakeholders.

- Good at providing advice on information security, helping both technical and non-technical stakeholders understand the threats and vulnerabilities, and the options for treatment.

- Experience of participating in IT or technology investigations and activities including first responder responsibilities

- Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors

- Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security

- Demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success

- Candidates must have strong leadership skills and have excellent negotiation skills to work with highly technical individuals

- Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical publications

- Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

- Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE Top 25 to any audience, and discuss effective defensive techniques
