Job Description:

Information Security Applications Code Assessor in Brooklyn, NY

This is a contract assignment for a multiyear project with NYC DOE.

Responsibilities:
* Performs application security assessments
* Develops application security standards and policy documentation
* Performs automated and manual run-time assessments
* Performs automated and manual code review and threat modeling
* Performs Secure Development Lifecycle (SDL) process assessments
* Educates developers on proper secure coding practices
* Provides and/or organizes appropriate application security training and awareness for technical and non-technical staff
* Acts as application security subject matter expert (SME), providing consulting solutions and support to Application Development teams
* Actively manages the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately
* Works closely with development teams to remediate application vulnerabilities detected through security scanning tools
* Liaises with relevant stakeholders within the Technology groups and business units to ensure security awareness and issues are communicated effectively
* Carries out risk assessments and/or threat modeling to articulate the levels and types of security controls appropriate to application/product initiatives
* Researches, initiates and drives the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced

Required Experience:
4+ years of work experience focused purely on application system and code-level security

7+ years of experience with the following:
* Detection, exploitation, and prevention of software vulnerabilities (i.e., SQL Injection, XSS, buffer overflows) as well as emerging platform vulnerabilities (e.g., Flash, AJAX)
* Reviewing source code and assisting developers in closing vulnerabilities
* Performing active black-box penetration testing against web applications above and beyond the use of commercial products or pre-existing scripts
* Enterprise application development experience in both .NET and Java/J2EE
* Secure software development life cycle
* Excellent written and verbal communication skills, experienced at communicating with developers as well as technical and non-technical management