Job Description :
Title: Application Security Scanning Consultant
Location: Lansing, MI
Length and terms: Long term - W2 or C2C

Job Description:
Run the user onboarding process for SAST and DAST.
Update Risk Assessment and Enterprise Architecture documents as needed.
Remediate vulnerabilities across the AppScan environment.
Leads false positive analysis and related configuration
Serves as a Subject Matter Expert (SME) in the field of application security.
Performs security design review, threat modeling and architectural/system security assessments, to ensure that solutions are being designed with a minimal degree of technical risk. The incumbent works to identify, triage, and provide remediation guidance of vulnerabilities within software applications and systems, using a variety of tools, techniques, approaches, and methodologies.
Security testing of applications using static testing, dynamic testing, and application penetration testing
Security assessments, risk analysis, recommend security requirements, participate in code reviews, provide security defect remediation guidance, and serve as a consultant to other business units while acting as an Application Security Subject Matter Expert (SME)
Supports the enterprise security architecture and provides technical expertise to troubleshoot and solve problems as needed.
System Administration of an application scanning platform such IBM AppScan is not required, but would be of value to the role.

Required Skills
3 years experience
Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
Windows, Unix, Linux and related system engineering experience
Working knowledge of LDAP, Active Directory & Security Groups
Working knowledge of SSL/TLS protocols and certificate-based solutions
Working knowledge of cryptography, including encryption and hashing
Familiarity with OWASP Top 10
Familiarity with the Software Assurance Maturity Model (SAMM)
Bachelors or Masters Degree in Information Technology, Computer Science, Engineering or related
Experience performing application scanning with an enterprise application scanning platform/tool

Desired Skills

Experience Administering IBM AppScan Enterprise (not the Standard Edition)