Implementing and supporting system and application vulnerability management platforms such as ThreadFix, Agile Central, etc.
Integrating the vulnerability management platform with developers' defect trackers, such as Jira, Rally, TFS, etc.
Integrating application security testing tools (Veracode, Fortify, WhiteHat Sentinel, IBM AppScan, etc.) with developer bug trackers to automatically feed vulnerabilities into the trackers.
Creating a vulnerability management tool dashboard for reporting on security metrics.
Creating and implementing a framework for collecting and reporting on security metrics and maturity levels to evaluate the effectiveness of current capabilities.
Reporting on metrics that are meaningful to technology operations as well as business executives.
Reducing cost and increasing the velocity of risk reduction.
A Bachelor's degree in Computer Science, Information Systems, or Software Engineering
Any of the following certifications: CISSP, GIAC, GSSP, CEH, OSCP, and/or OSCE
5+ years working in information security and/or development-related positions
The ability to implement information security technology tools
Strong knowledge of application security weaknesses for various technologies including web applications, databases, and multi-tier applications
Familiarity with web application security testing tools such as Fortify, Veracode, WhiteHat Sentinel, AppScan, etc.
Comfortable with any of the following languages: Java, .NET, C++, C, CGI, PHP, HTML, AJAX, etc.
Understanding of various application development principles with a focus on Agile software development
Strong background in the mathematics of security metrics across various capabilities