Job Description:
- Work independently, as part of a team, or as a project lead to deliver the following:
- Development of application security program, policies, and processes
- Conduct security assessments and reviews
- Provide advisory services to development teams to build secure applications
- Implementation of scanning technologies (e.g. IBM Appscan, HP Fortify, Qualys etc.)
- Determine the risk profile of the applications by verifying application controls vs information security policy.
- Perform analysis of all scans, both standalone and enterprise, and prepare a written report of analysis.
- Connect and leverage other resources in information security to ensure accurate assessment of security controls as needed.
- Assist product owners and technology staff with analysis and interpretation of information system vulnerabilities identified and offer necessary consulting help to remediate vulnerabilities
- Oversee and manage the documentation of flaws into risk registry and track remediation activities.
- Secure SDLC Advisory and Implementation: Conduct analysis of the security controls expected to be implemented throughout the development lifecycle, perform gap analysis (against standards and benchmarks), recommend security technology / process controls, and project manage their implementation.
- Assist in the generation of metrics to drive the continuous improvement program and present current state of security status to management team.
- Keep up to date on the latest trends and develop the application security expertise required to successfully assess application controls.
- Support internal practice development initiatives, including: improving tools, templates and techniques used to deliver engagements, conceptualize new services and solutions, development of technical papers and marketing collaterals.
- Project management of one or more projects to ensure quality deliverables are produced within timelines, scope and cost. Identify, report and manage project risk, including: escalations, scope creeps, resource issues, customer delays, etc.
- Support firm’s presales activities, such as attending presales calls, response to RFPs, solution engineering & presentations, effort estimation, staffing etc.
Desired Profile:
- Working knowledge of application security (OWASP, SANS, NIST, CWE, CVSS, OSSTMM etc.), the programming patterns that lead to application vulnerabilities, and the corresponding remediation techniques
- Experience with software security testing (static and dynamic analysis)
- Familiarity with high-level programming languages (e.g. Java, C#, Python, etc.)
- Familiar with development lifecycles like waterfall, agile etc.
- Experience in technical security architecture assessment/advisory, including at application, network, and system levels.
- Understanding of UNIX and/or Windows OS, networking technologies and tools, and CIS benchmarks
- Knowledge of one or more scanning tools and utilities such as IBM AppScan, HP WebInspect, HP Fortify, Acunetix, Nessus, Nipper, Qualys, Rapid7, Checkmarx, Burp Suite Professional etc.
- Demonstrable knowledge of documentation and business reporting.
- Ability to work independently with minimal direction; self-starter/self-motivated
- Strong interpersonal and communication skills; ability to work in a team environment
- Communicates effectively with clients and seeks to understand and anticipate their needs.
- Continuously finds new solutions to problems and actively shares knowledge with the team.
Qualification & Experience:
- Relevant (cybersecurity) experience: 2-4 years full time.
- Bachelor’s Degree
- Preferred Certifications – at least one if not more: CEH, ECSA, OSCP, CISSP, CSSLP, CCSP, etc.
Learn more about our Security Verification Services.