Responsible for ensuring security is applied to the technology platforms and information within the organization in accordance with established standards and policies. This involves in-depth knowledge of the business processes involving network, architecture, relationships between systems, and the systems flow of end-to-end designs for Network & Technology applications, with an application security focus. Below are the principal duties and responsibilities, listed in order of time spent or importance:
- Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
- Guides and performs security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing.
- Makes recommendations on toolset modifications and improvements, improvements to development processes, and production application security support.
- Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.
- Participates as a key member in security incident response activities.
- Ensures teams are validating for OWASP and performing industry leading application security practices.
SKILLS & EXPERIENCE
- Experience as a Security Engineer specifically for Applications vs. Infrastructure; understanding of SSDLC Framework
- Advanced experience in security testing tools such as Burp Suite or similar tools
- Strong background with application security assessments
- Experience in application technology security testing (white box, black box and code review)
- Experience with advanced automation scripting and some kind of automation testing tool (Bsh, shell, Java, .NET)
- Some system administration and scripting experience with at least SQL databases (PL/SQL Scripting and Oracle Database Tools are a plus)
- Outstanding communication, analytical skills and ability to function in a globally diverse work environment
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Experience in system technology security testing (vulnerability scanning and penetration testing).