Software Application Security Specialist  
Mudita Private Limited

Job Details
 
Job Title:   Software Application Security Specialist
Category:   Software Development
Total Positions:   3
Job Location:   Karachi
Gender:   Male
Minimum Education:   Bachelors
Career Level:   Experienced Professional
Minimum Experience:   5 Years
Salary Range:   PKR 0 to 0 per Month
Apply By:   Mar 16, 2019
     
     
 
Job Description:

The Application Security Specialist is a hands-on technical role. The specialist will develop solutions to prevent compromise of our systems and to enhance our threat detection capabilities and our response mechanisms for handling incidents when they happen.

The ideal candidate should have both security and development experience. The candidate must be able to identify potential risks in code or in deployed applications. S/he works closely with the software development team, communicating our needs and coordinating the implementation efforts.

Responsibilities

·         Act as a key team member in designing, analyzing, evaluating, testing, debugging, and implementing applications, programs, or systems in support of company security initiatives on various platforms.

·         Encourage a security culture across the company; train and instill core security values to emphasize risk-based judgments, security in product designs, and prioritizing security remediation work.

·         Responsible for developing and maintaining the web/mobile application security scanning and risk mitigation.

·         Perform source code reviews and penetration testing to identify security vulnerabilities.

·         Evaluate the output of testing (vulnerability, code review, penetration test) and track remediation.

·         Incorporate security testing into development procedures.

·         Provide web/mobile application firewall guidance.

·         Maintain up-to-date knowledge of current and future security threats and vulnerabilities.

·         Design POCs of possible attacks related to the discovered vulnerabilities.

·         Investigate security breaches within a defined area of responsibility to maintain compliance with internal security policies.

·         Research solutions to improve app security.

·         Provide training to development teams on secure coding and best practices around the OWASP Top 10.

 

Specific Knowledge, Skills and Abilities

·         Strong knowledge of SDLC principles including Agile/Scrum.

·         Strong knowledge of databases.

·         General knowledge of systems, OS, and Infrastructure.

·         Knowledge of Internet security issues and threat landscapes.

·         General security practices and concepts.

·         Static/dynamic code review methods and tools.

·         Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST).

·         Ability to write scripts using bash, PowerShell, Python, Perl, etc.

·         Demonstrated experience with several of the following technologies and vulnerability scanning tools: Burp Suite, Acunetix, AppScan, fuzzers, etc.

·         An understanding of or proficiency in information security and compliance regulations (ISO 27001, PCI DSS, GDPR, SSAE-18, SOX).

·         Fluency in English, written and spoken, is a must.

·         Excellent documentation and communication skills.

·         Must be able to work independently and also as a team player.

 

Preferred Education, Experience and Licenses

·         Strong experience with programming languages such as C#, Java, Node.js, etc.

·         Static, Dynamic Code scanning tools (Fortify, Whitehat, …).

·         Vulnerability Assessment Tools (Rapid7 Nexpose, Qualys, ZAP).

 Education & Qualifications

·         Bachelor’s Degree in an IT related discipline.

·         CEH/CHFI/CISSP or similar security-related certification.

·         In lieu of certifications, at least 6 years of information security, software development, or risk management experience.


Company Information
 
Company Name:  Mudita Private Limited
Company Description:
Service Provider
