Security Specialist - Richfield, MN Day one onsite at Richfield, Utah, USA
Email: [email protected]
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=2230604&uid=

From:

Raghuteja,

W3Global

[email protected]

Reply to: [email protected]

Security Specialist (Onboarding)

Richfield, MN Day one onsite

The Security Specialist will formulate plans and work with the client development team to integrate build tools with enterprise security tools. The Specialist will identify security weaknesses and evaluate the risk posture. This role will be responsible for security services delivery, including the use of application security tools for detection, triage, and remediation of security weaknesses. The Specialist will partner with our client development and business teams to explain relevant security weaknesses and provide guidance for remediation. The Specialist is also responsible for performing manual and automated security analysis and looking for loopholes in applications written in different programming languages.

This role reports to the Sr. Manager of Enterprise Risk and Compliance.

Responsibilities

Perform triage of the results found by tools to determine true positives and eliminate the false positives.

Develop proof of concepts to demonstrate the severity of the attacks to the developers.

Work with the development teams to integrate their build process with the automated scan tools.

Conduct kick-off meetings with the application team to understand the application's architecture, business logic and source code repository

Assess and report security weaknesses and their risk according to the client's application penetration testing methodology

Document and report security weaknesses in client systems and provide detailed reports to appropriate development and business teams

Work directly with Client development teams to provide remediation guidance for identified security weaknesses

Identify testing methodology or process improvements and make recommendations to EIP Application Security Teams

Perform other security checks, such as authorization, session management, SSL testing and encryption algorithm checks, to look for issues.

Organize onboarding meetings with application teams to explain to them the details of the security testing engagement, Secure SDLC and the timelines for each project.

Perform personal research to stay current on security trends, new vulnerabilities, and technology

Other duties as assigned

Basic Qualifications

Direct full-time experience in information security, static code review, remediation, testing, software development, or software engineering.

Familiarity with popular web application languages and platforms, for example JavaScript, HTML, .NET, Java, Groovy, and Python or other similar technologies.

Knowledge of secure development of web applications and mobile applications

Hands-on experience leading technical, integration-heavy work with modern security tools, especially Checkmarx SAST, CheckmarxOne, NexusIQ, and/or Blackduck, Veracode, Snyk.

Experienced in conducting end-to-end static analysis, using at least one commercial, application scanning tool.

Experienced in application onboarding, triaging, remediation with application teams and verifying proposed findings.

Hands-on development experience, working with, or developing RESTful APIs in a modern, automated development environment including a deep understanding of CI/CD.

Organize, maintain, and report on project workflows, statuses, and technical tasks.

Identify, facilitate, and track on-going process and automation-based process improvements.

Ability to quickly adapt to new technologies, tools and techniques

Ability to perform in a fast paced, dynamic work environment and meet aggressive deadlines

Ability to work with technical and non-technical team members

Strong technical writing and verbal communication skills

Experience Qualifications

5+ years of experience with SAST and SCA security tools: Checkmarx, CheckmarxOne, and Nexus IQ

5+ years of experience developing new queries and customizing existing security tool queries that are not out of the box to find new vulnerabilities

5+ years of experience conducting end-to-end SAST and SCA analysis, using a commercial application scanning tool.

5+ years of experience with application onboarding, triaging, and remediation with application teams, and verifying proposed findings.

3+ years of recent, hands-on development experience, working with, or developing RESTful APIs in a modern, automated development environment including a deep understanding of CI/CD.

3+ years, with expert-level skills, in SDLC workflow management tools like Jira, Confluence, SharePoint or similar.

Education Requirements

Bachelor's degree in Information Systems, Computer Science, Software Engineering, Computer Engineering or an equivalent field

Continuous integration (CI) systems are tools used to automate the build, test and deployment of apps. Some of them are Jenkins, GitHub, GitLab CI, GitHub Actions, Azure DevOps and Bamboo CI.

The candidate must have experience configuring or writing pipelines in CI tools. They need to have a basic understanding of a build process and how security fits into it. They will need to be able to integrate SAST and SCA tools into an existing continuous integration pipeline.

Experience with onboarding apps to SAST and SCA tools.

Experience with triaging SAST and SCA findings in code written mostly in Java and related JVM languages, JavaScript, C# and Python. Experience working with engineering teams to remediate the confirmed findings by providing suitable remediation.

Experience configuring SAST and SCA tools to align with the organization's policies. This would include changing default policies and configurations.

CI tools:

Good to have: Jenkins, Azure DevOps, GitHub Actions, GitLab CI

Mandatory: Jenkins and Azure DevOps

SAST and SCA tools:

Good to have: Checkmarx, Veracode, Fortify, Semgrep, Blackduck, Nexus IQ, Snyk, Checkmarx SCA

Mandatory: Checkmarx and Nexus IQ

12:08 AM 06-Mar-25



Location: Richfield, Minnesota