Job Description

Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

Requires one of the following certifications: CEH, Security+, or equivalent.

Defines best practices, performs software security architecture, and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms.

Supports development of technical security safeguards to protect information systems from intentional or accidental access/destruction

Liaison between development teams and stakeholders to understand and formulate security requirements

Defines, maintains, and enforces application security best practices.

Conduct vulnerability assessment and manual/automated code reviews

Demonstrate vulnerabilities to application owners and provide mitigation recommendations

Experience with SAST, DAST, and OSA tools.

Performs and conducts penetration tests and manual/automated code reviews

Experience with any programming language like Java, .NET, C#, etc.

Knowledge about Secure Coding best practices and OWASP top 10, SANS 25, CVE, etc.

Identify AppSec related tools/conduct tool analysis, and provide recommendations

Apply technical knowledge to analyze/develop, create, and implement process improvements, trouble shooting, and operational support

Minimum Qualifications

Bachelors Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.

5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.

Other Job Specific Skills

Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.

In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.

Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.

Knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.

Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.

Knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, and related protocols.

Experience with static code analysis tools including HP Fortify.

Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools.

Experience working with GIT source code management.

Must have solid working experience and knowledge of Unix/Linux operating system.

Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB is preferred.

Understanding of Agile/Scrum methodologies is preferred.

Experience with Axiomatics is a plus.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.

Job Tags

Similar Jobs