Job Description :
Looking for a senior level resource that can work independently and outside of given tasks. Candidates should be senior/architect level and have strong communication skills as the hired contractor will be working directly with VP.
Business Overview:
Responsibilities:
Work with development teams to employ a secure architecture
Provide education and guidance about secure coding practices
Ensure compliance with Policies, Standards, Requirements, and Directives are met
Schedule, scope and prioritize security assessments of applications
Assess applications for vulnerabilities using manual and automated methods, such as threat modeling, code reviews, tool scans and penetration testing
Identify, document, rate, and communicate vulnerabilities in terms of Confidentiality, Integrity and Availability to multiple audiences
Reproduce, demonstrate and retest vulnerabilities
Provide guidance and direction on remediating vulnerabilities
Maintain awareness of security issues amongst the development community
Continually improve the secure development process and environment
Required Qualifications:
Understanding of the Software Development Lifecycle (SDLC)
Understanding of multi-tiered architecture
Passion for application security
Process oriented
Ability to describe vulnerabilities and application security concerns to both technical and non-technical persons
1-3 years of hands-on technical experience developing and testing apps in .NET or Java
3-5 years application security experience
Preferred Qualifications:
Experience with SAST tools such as Fortify, Veracode, Checkmarx
Experience with DAST tools such as IBM AppScan, HP WebInspect, Acunetix, Qualys WAS, Zap, Burp
GIAC GWAPT, GSSP, or GWEB certified
Experience performing architecture reviews
Experience with cloud security: Amazon AWS, Windows Azure.