Responsible for helping ensure security at the application layer for the company’s applications and platforms, including mobile apps and cloud-based applications / platforms
Conduct application security assessments and penetration tests of applications using various tools and techniques
Work closely with application development teams to ensure appropriate education and process within the development cycle
Work with cloud providers to obtain an understanding of security controls and ensure controls are leveraged
Work with partners if external assessments are required for any applications
Responsibilities
Build relationships with application, infrastructure and cloud technology teams to deeply understand new technology initiatives
Ensure new technology projects are built securely by providing security subject matter expertise to technology engineering teams
Specifically, ensure the secure architecture, design, development, coding and configuration of new technology projects
Perform granular infrastructure, infrastructure as code, application and cloud security reviews
Identify technology project risks through risk assessments identifying threats, vulnerabilities, impact and likelihood
Communicate to senior management the residual risk from mitigation strategies or risk acceptance
Maintain a high security bar through architecture and implementation of security controls at both enterprise and project levels
Qualifications
Minimum qualifications
Degree Required: B.S. or higher in Computer Science or equivalent experience
Years of Experience: 8+ years of security architecture and testing experience
Preferred qualifications
Security Qualifications Preferred: CISSP, CCSK/CCSP, CISSP-ISSEP/ISSAP, CSSLP, SABSA SCF/SCP/SCM
Technical knowledge of application security scanning tools required, e.g. Fortify, Veracode, Rational AppScan, etc.
Strong knowledge of application development process (including mobile) and security frameworks like OWASP
Strong understanding of technical information security concepts