Conduct security assessments that require expertise of our organization's applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies
Collaborate with software development teams to integrate security into the development life cycle
Conduct security assessments of web, mobile, and other applications
Analyze security assessment results to identify security vulnerabilities and provide guidance on remediation
Design and implement secure software development practices, including threat modeling, secure coding standards, and code review
Stay current with security threats, trends, and technologies, and recommend new security controls as needed
Conduct application security investigations and provide recommendations to mitigate risk
Maintain security documentation, provide subject matter expertise, and collaborate on security policies, procedures, and standards

Requirements

Bachelor's degree in computer science, information security, or a related field
Five (5) years or more experience with OWASP, SAST, DAST, SCA, RASP and common security tools, required
Seven (7) years or more application security, security engineering, software development, or a related field, required
Five (5) years or more strong understanding of web application security and common attack vectors (e.g. SQL injection, XSS, CSRF), required
Five (5) years or more experience with secure coding practices, threat modeling, and secure software development life cycle (SDLC) methodologies, required
Five (5) years or more proven experience in diagnosing, isolating, resolving complex issues and recommending/implementing strategies to resolve problems, required
Five (5) years or more demonstrated experience with systems integration processes, methodology and tools, required
Seven (7) years or more development and scripting experience, required
Five (5) years or more professional application security role, required
Five (5) years or more experience with API and Web Security, required
Three (3) years or more experience with WAF, or similar application security infrastructure a plus, preferred
Seven (7) years or more experience in integrating security in CI/CD, DevOps, required
Six (6) years or more experience process or operation management
Six (6) years or more experience Value Stream Mapping, Continuous Flow, Pull Replenishment and other process improvement experience.

Benefits

comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options
paid time off for vacation, illness, bereavement, family and parental leave
tax-advantaged 401(k) retirement savings plan

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Static Application Security Testing (SAST)Dynamic Application Security Testing (DAST)OWASPSecure coding practicesThreat modelingSecure software development life cycle (SDLC)API securityWeb securityWAFSystems integration

Soft Skills

CollaborationProblem-solvingAnalytical skillsCommunicationSubject matter expertiseDocumentationRisk mitigationGuidance on remediationProcess improvementOperational management

Certifications

Bachelor's degree in computer scienceBachelor's degree in information securityBachelor's degree in a related field