Senior Application Security Engineer - OWASP

Company: IQMATRIX INFOWAYS SOLUTIONS PRIVATE LIMITED
Location: Bajpe, Karnataka, 574142, India
Posted: April 23, 2024

Description:

Principal Accountabilities:

- Lead by example and independently perform all functions and services of the GIS AppSec team.

- Conduct advanced web application, micro-services, API, cloud penetration tests of proprietary and 3rd party on-prem/cloud systems and applications.

- Perform targeted manual security reviews at key points in the software development life cycle.

- Perform peer reviews of assessment reports and provide constructive guidance to team members.

- Train others on tools and processes used in AppSec methodology.

- Provide technical guidance to team members and other stakeholders (e.g. development teams, project teams, business stakeholders).

- Provide input for strategic visioning / planning.

- Identify the need for and develop new security standards and reference architectures.

- Identify metrics that can help measure performance, gaps in coverage, need for head count, trends in findings.

- Identify and document process improvements, influence team and management support, and prioritize changes.

- Establish yourself as a recognized technical expert within the team.

- Have an interest in continuing your education and training and staying current within the application security domain.

Requirements:

- 12 years' experience performing security assessments of a wide variety of systems, applications and technologies which include both proprietary and industry standard protocols.

- Expert knowledge and experience performing manual security reviews of application source code, written in various languages, for security vulnerabilities, including: .Net (C#, VB), C++, .

- Expert level skills with application security testing tools including: Burp Suite Pro, Kali, Checkmarx, sqlmap, nmap, Wireshark, etc.

- Expert knowledge of the Open Web Application Security Project (OWASP) Top 10 most critical web vulnerabilities and how to identify and remediate them.

- Advanced knowledge of application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDA Pro, etc.

- Advanced knowledge of UNIX/Linux/Windows.

- Advanced knowledge of scripting languages such as: Python, bash, PowerShell, etc.

- Experience with drafting of Security Standards, Reference Architectures and Secure Technical Implementation Guidelines.

- Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.

- Self-motivated and a self-starter (if you have a question, find the answer, ask somebody, figure it out, and communicate).

- Excellent oral and written communication skills.

- Deep knowledge of security frameworks like OWASP and experience with API security.

- Strong experience in source code review and security testing methodologies (SAST, IAST, DAST, RASP).

Nice to have:

- Certifications such as GWAPT, eWPTx, OSCP, OSWE, CISSP, or other relevant certifications are highly preferred.

(ref:hirist.tech)
