| App Security SME, Portland, Oregon(Hybrid) at Portland, Oregon, USA |
| Email: [email protected] |
| From: Harish Varma, R2 Technologies [email protected] Reply to: [email protected] Client: IBM/ (Insurance) Role: App Security SME Location: Portland, Oregon Duration: Long term Availability: Immediate Security Assessment Reviews: Conduct and approve Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) results for applications within our build pipelines. Provide remediation guidance to application development teams based on testing outcomes. Onboard new applications to the security testing framework, ensuring thorough and continuous security assessments. RASP Implementation: Offer development support to the Imperva Runtime Application Self-Protection (RASP) implementation team. Implement RASP integration on legacy external-facing web applications and new Azure-hosted applications and APIs. Sonatype Lifecycle and Nexus Firewall: Monitor, triage, assign, and report on Common Vulnerabilities and Exposures (CVEs) identified by Sonatype within the codebase. Assist Azure developers, data scientists, and actuaries with implementing Nexus Firewall to prevent malicious or non-compliant components from being introduced to local repositories. Conduct regular audits using Nexus Firewall to ensure the integrity of local repositories and prevent the introduction of malicious components. Integrate Sonatype-identified vulnerabilities into the aggregation and reporting performed by Application Security Orchestration and Correlation (ASOC) tooling for the application portfolio. Imperva Cloud WAF Implementation: Assist with the implementation of Imperva Cloud Web Application Firewall (WAF) for the public-facing, Acquia-hosted, Drupal site. Facilitate the technical migration of onboarded applications and implemented security policies from on-premises WAF and Azure WAF to Imperva Cloud WAF. Share responsibilities with the WAF Application Administrator for the Imperva Cloud WAF, managing duties not directly performed by Imperva Managed Services. Act as a liaison for special requests to Imperva Managed Services (IMS) to fulfill specialized WAF needs. Required Skills and Experience: Experience with SAST, DAST, and SCA tools and methodologies. Proficiency in implementing and managing RASP solutions, particularly with Imperva RASP. Hands-on experience with Sonatype Lifecycle and Nexus Firewall, including CVE management and auditing. Familiarity with Imperva Cloud WAF implementation and migration processes. Strong understanding of Azure-hosted applications and APIs. Excellent communication and remediation skills to work effectively with development teams. Ability to manage and prioritize multiple security projects and initiatives simultaneously. Preferred Qualifications: Certifications in relevant security domains (e.g., CISSP, CEH, CISM). Experience with Acquia-hosted Drupal sites. Previous experience in a similar role within a cloud-based environment. Thanks & Regards, Harish Varma S Talent Acquisition Manager, R2 Technologies, Alpharetta, GA, 30005. Certified MBE. Direct:+1-470-870-8003 , Email: [email protected]. Keywords: Georgia App Security SME, Portland, Oregon(Hybrid) [email protected] |
| [email protected] View all |
| Thu Aug 08 20:11:00 UTC 2024 |