Application Security Developer

Job Description

6-8 month contract to hire

Description:

Demonstrated experience and expertise implementing CSP across large scale, high volume enterprise applications

• Proven background in development of secure design patterns

• Expert level knowledge of modern web technologies (AngularJS, Node.js, websockets)

• 6+ years’ experience in architecture risk analysis and threat modeling

• Proven experience implementing web application firewalls

• Identity and access management expertise, SSO/SAML, etc.

• Expertise in building defense in depth security architecture including security controls across multiple technology stacks and domains

• Deep knowledge and understanding of securing all major web server environments based on OWASP top 10

• Expert level knowledge of application security vulnerabilities and the ability to explain and provide solutions at both an architecture and development level

• Expert level knowledge and experience implementing third-party library risk management and lifecycle processes

• Knowledge of financial services regulatory requirements

Acts in a strategic role in the development and maintenance of extremely computer network security/protection systems and architectures. Provides security solutions that require resolution of complex operational and integration issues associated with networks, data systems, and applications to successfully deploy secure technologies and to enhance existing technologies. Leads computer security incident response activities, conducts technical investigation of security-related incidents and conducts post-incident digital forensics to identify causes and recommend future mitigation strategies. Serves as the highest level of information security consultant to all internal clients and technical management in all areas of the business to ensure conformity with corporate information security standards. Directs and serves an a mentor to less experienced staff.

Top Skills Details

1) Application Security / Web Application security / OWASP top 10 - 10 plus years ideally. web technologies (Example - AngularJS, Node.js, websockets)- Full Software development Life cycle experience, from creation and assessments through to execution, validation, remediation. (Secure development - Security Testing - Continuous Monitoring/Protection)

2) Fortify or Checkmarx (Static Testing tools) - Does not have to be an expert but needs to understand how to use this product and maneuver through the SDLC. Coaching Development managers and Applications owners on what vulnerabilities they find and then have the ability to get this information to the proper team to and create a Plan to remediate the issue/ findings.

3) Threat Modeling - 6 years experience around IAM, Vulnerability remediation and creating Threat Models (They use Microsoft 2016 Threat modeling tool)

4) SQL Injection

5) Cross Site Scripting - XSS

External Communities Job Description

Application Security Champion

EVP

This will allow the ability to work in a large complex security team, hands on exposure to the newest security software and the NEW Security SDLC. Consultants get to work with cutting edge security tools in a large, name brand company. It is a 6-8 month Contract to hire or roughly within that time frame

Impact to the Internal/External Customer

Our client is currently tasked with Validating vulnerabilities and remediating those vulnerabilities using a Fortify/Checkmarx tool for over 700 High Risk - Public Facing Apps. The next step as we move into 2019 will be to secure 4000 plus applications across multiple LOB\'s creating a secure environment externally and internally. Heavily regulated and many fines and potential damage could be done by have Non-secure applications.

Business Challenge

These Public Facing Applications store personal information that need to be protected from hacking. These incidences have to be eliminated because of the issues of monetary loss, public perception, and costs of credit monitoring for victims of potential fraud.