Job Description:
Job: Information Security
Location: Brooklyn, NY.
This is a contract assignment for a multiyear project with NYC DOE.
Responsibilities:
* Performs application security assessments.
* Develops application security standards and policy documentation.
* Performs automated and manual run-time assessments.
* Performs automated and manual code review and threat modeling.
* Performs Secure Development Lifecycle (SDL) process assessments.
* Educates developers on proper secure coding practices.
* Provides and/or organizes appropriate application security training and awareness for technical and non-technical staff.
* Acts as security applications subject matter expert (SME), providing consulting solutions and support to Application Development teams.
* Actively manages the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately.
* Works closely with development teams to remediate application vulnerabilities detected through security scanning tools.
* Liaises with relevant stakeholders within the Technology groups and business units to ensure security awareness and issues are communicated effectively.
* Carries out risk assessments and/or threat modeling to articulate the levels and types of security controls appropriate for application/product initiatives.
* Researches, initiates and drives the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced.
Required Experience:
4+ years of work experience focused purely on application system and code-level security.
7+ years of experience with the following:
* Detection, exploitation, and prevention of software vulnerabilities (e.g., SQL Injection, XSS, buffer overflows) as well as emerging platform vulnerabilities (e.g., Flash, AJAX).
* Reviewing source code and assisting developers in closing vulnerabilities.
* Performing active black-box penetration testing against web applications above-and-beyond the use of commercial products or pre-existing scripts.
* Enterprise application development experience in both .NET and Java/J2EE.
* Secure software development life-cycle.
* Excellent written and verbal communication skills, experienced at communicating with developers as well as technical and non-technical management.