
Application Security Lead - Onsite - Olympia, WA - GC & USC only at Olympia, Washington, USA
Email: [email protected]
From:

Arpitha S,

Stellar IT Solutions

[email protected]

Reply to:   [email protected]

Application Security Lead

Onsite - Olympia, WA

GC/USC only

The Application Security Lead position is responsible for leading assessment and validation of application and system security controls to help identify gaps in enterprise security and privacy controls. This position leads a variety of application security initiatives in the WAHBE Security Team and works closely with application development teams. The position provides security subject matter expertise to a variety of technical and non-technical audiences. This position also leads the development and implementation of a penetration testing strategic program plan. The position focuses on the use of out-of-the-box applications in addition to internally developed applications and scripts, with a focus on penetration testing. This position is also responsible for reporting findings and collaborating with technical staff for remediation.

Duties and Responsibilities
Plan, communicate, coordinate, and lead application security and penetration tests in addition to developing other security assessments for enterprise applications and systems.
Lead the development of the WAHBE Penetration Testing strategic program and tactical plans including relevant areas of application security.
Perform accurate validation and assessment of vulnerability scan results.
Perform maintenance and operations of WAHBE Application Security toolsets.
Develop scripts and other appropriate automation for repeatable tasks in vulnerability validation and application security testing (Dynamic Application Security Testing, Static Application Security Testing, Interactive Application Security Testing).
Perform mobile application security testing and lead remediation of discovered vulnerabilities and privacy risks.
Create comprehensive and accurate application security and penetration testing reports with recommendations for appropriate remediation.
Participate in incident investigation and provide advanced analysis, as needed, and assist in development of strategies to respond to and recover from a security breach.
Work with software developers on defining technical solutions for resolution of identified vulnerabilities.
Select, recommend, install, configure, and customize security testing tools and develop procedures for suitable use of such tools during security assessments.
Make appropriate use of automated tools during security assessments (Metasploit, Nmap, Nessus, Burp Suite, etc.).
Perform security assessments of new enterprise solutions to be procured and implemented by WAHBE focusing on the underlying risk to the organization, providing consultation and recommendations as appropriate.
Assist in developing training materials for advanced security roles and responsibilities including secure coding standards and technical guidance.
Provide security consultation and assessments for cloud environments and containers, focused on best practices and technical analysis.
Create Misuse, Abuse, and Confuse cases within the Agile methodology during user story/case development.
Perform security analysis and consultation of product requirements and system changes (RFCs) in an Agile environment.
Assist WAHBE with shifting security to the left by providing security consultation and technical analysis during the early stages of the SDLC to ensure security is built-in by design.
Assist WAHBE with the DevOps Program, building the CI/CD pipelines as necessary to integrate Application Security into the Secure Software Development Life Cycle (SDLC).
Assist WAHBE in managing and updating policies, procedures, and standards utilizing the Secure Software Development Lifecycle.
Work with the Risk Management Office in the remediation of vulnerabilities, audit findings and risks tracked and monitored. Liaise with enterprise architects and engineers to share best practices, insights, and requirements.
Mentor junior positions in development of key skills necessary to defend the organization.
Perform other duties as assigned within the scope of application security and penetration testing.

Qualifications

Required: 
15 years of Information Security experience in specialized roles such as penetration testing, application development, application security testing or network security testing
5-7 years in software development or IT security related fields
Excellent understanding of securing SDLC, architecture design and IT operations
Experience performing application security code and roles matrix review and practical risk assessments
Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.)
Experience with common vulnerability assessment tools (e.g., Nessus, RAPID7, Nmap, Burp Suite)
Experience with common networking tools (e.g., Wireshark, tcpdump, netcat)
Excellent understanding of emerging cybersecurity threats
Excellent understanding of networks, hosting models and IT infrastructure
Strong analytical and problem-solving skills with the ability to think outside the box
Understanding of core Internet protocols and routing (e.g., DNS, HTTP, TCP, UDP, TLS, IPsec)
Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryption, etc.)
Good verbal and written communication skills
Ability to mentor and coach both technical and non-technical resources
Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities
Well organized, flexible, resourceful, and efficient with strong attention to detail
Strong interpersonal skills: ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers

Regards,

Arpitha S

Technical Recruiter

Email: [email protected]

Rockville, MD | McLean, VA | Palo Alto, CA

StellarIT.com  | StellariDeaLabs.com

Tue Nov 14 21:34:00 UTC 2023


Location: Olympia, Washington