1(737)781-3448 MMansur@redbluesec.org
  • Full Time
  • Anywhere
  • Applications have closed

Undisclosed

Responsible for ensuring security is applied to the technology platforms and information within the organization in accordance with established standards and policies. This involves in-depth knowledge of the business processes involving Network, architecture, relationship between systems, and systems flow of end-to-end designs for Network & Technology applications with application security focus. Below are the principal duties and responsibilities listed in order from time-spent or importance:

  • Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
  • Guides and performs security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing.
  • Makes recommendations on toolset modifications and improvements, improvements on development processes and production application security support
  • Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.
  • Participate as a key member for security incident response activities.
  • Ensures teams are validating for OWASP and performing industry leading application security practices.

SKILLS & EXPERIENCE

  • Experience as a Security Engineer specifically for Applications vs. Infrastructure /Understanding of SSDLC Framework
  • Advanced experience in security testing tools such as Burpe Suite or similar tools
  • Strong background with application security assessments
  • Experience in application technology security testing (white box, black box and code review)
  • Experience with Advanced Automation scripting and some kind of Automation testing tool (Bsh, shell, java, .net)
  • Some system administration and scripting experience with at least SQL databases (PL/SQL Scripting and Oracle Database Tools are a plus)
  • Outstanding communication, analytical skills and ability to function in a globally diverse work environment
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
  • Experience in system technology security testing (vulnerability scanning and penetration testing).