Perform risk-based technical assessments of applications using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. Jira), and meet with development teams as required.
Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools. This includes their integration points with Jira, GRC, and quality assurance systems.
Work with Management and Application Delivery to develop a formal Application Security Verification Standard.
Ensure quality web application security audits across IT so that internal and industry standards, procedures, and methodologies are being followed.
Consult with Application Delivery and Technical Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
Assist with the creation of training materials to educate developers and other stakeholders about key security concepts using a variety of media.
Enhance department and organization reputation by accepting ownership for accomplishing new and different requests, exploring opportunities to add value to job accomplishments, and proactively addressing internal control concerns and best practices.
3+ years of application security experience
3+ years of development experience
In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management
Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
Web application development experience in .NET, C#, Java, Python
Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
Familiarity with application security scanning technologies (Veracode, AppScan, Fortify, WebInspect) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools
Excellent analytical skills required
Certifications (e.g., GWAPT, CISSP, CCSP) are preferred