Responsibilities and deliverables for this role:
• Own the static security testing process, tools, and remediation process integrated within our automated release pipeline
• Develop continuous improvement processes and automation within the areas of responsibility
• Develop security vulnerability identification and communication best practices in partnership with our development teams to improve automation and efficiency
• Hire and develop a team of high performing static security testing engineers
• Understand the criticality of applications and prioritize solutions by working with leaders
• Collaborate with development and operations teams to develop the standards for web application security & implement them effectively
What are the MUST have skills that you are looking for in a candidate?
• 8-10 years of relevant experience
• 4+ years of working with a static security or risk management team
• 3+ years of exposure to static testing tools such as Checkmarx, Veracode and Fortify
• Checkmarx highly preferred
• Advanced technical knowledge of information security
• Previous experience facilitating a new tool and providing suggestions to a company's vision
• 5+ years of web applications experience
• Knowledge of Ruby scripting language
• Ability to write effective documentation for both users and management
What are the technologies and the depth of the technologies that a candidate must have in order to be successful in this role?
• Checkmarx, Veracode and Fortify
What are the soft skills that you feel candidates must have in order to be successful in this role?
• Excellent communication & documentation skills
• Experience talking with senior software engineers
• Analytical and problem-solving skills
• Ability to define processes and show initiative