About the job
Currently seeking an Application Security Specialist to join the global Application Risk team within Technology Risk. The team is responsible for identifying software security flaws and for providing security assurance advice and guidance to engineers to help them manage application risks. You will interact with all parts of the firm, giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.
The ideal candidate has experience integrating and tuning software security controls within a continuous deployment SDLC, the ability to review, triage and remediate findings by interfacing with the Business Units, and the ability to help raise developer security awareness. You will become a highly committed, trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment, communicating the impact of technology risks and the approach to mitigation and acceptance.
You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function:
- Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC)
- Interface with Business Units to help remediate issues identified by automated tools – own security reviews, BU engagement (related to reviews, findings and remediation) and BU communication process
- Review and provide advice and consultation to business owners for the security defects identified
- Support and lead static, dynamic and awareness services
- Help engineer tools and solutions that will facilitate the adoption of security controls
- Product evaluation for new solutions that can benefit the Secure-SDLC program
- Develop PoCs, to be shown as solutions, and hand over to S-SDLC Engineering for broader rollout
- Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk
- Be responsible for communicating the program to the broader developer community for solutions that might impact Developer Experience (DevEx)
- Be responsible for the awareness, training and guidance on security related issues
- Develop rule optimizations for FP/TP (tuning)
You will have a minimum of 5 years’ experience in information security or a related field. You will use your strong technical, interpersonal, organizational, written and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team, along with your professional experience in one or more of the following disciplines:
- Understanding of common application security vulnerabilities and controls to remediate.
- Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
- Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management
- Ability to provide clear guidance on vulnerability remediation
- Secure software development practices and frameworks
- Secure Code Review and Application Security assessment
- Good knowledge of at least one major programming language (e.g. Python, NodeJS, Go etc.)
- CI/CD Knowledge: Jenkins, BitBucket CI, Bamboo, GitLab CI, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar)
- DevSecOps solutions – Static Application Security Testing (SAST), Dynamic/Interactive Application Security Testing (DAST/IAST), Software Composition Analysis (SCA), Container Security, Mobile Security
Preferred qualifications include Cloud Security applications (monitoring and preventing controls) and medium-scale technical program management skills.
If you feel you have the necessary exposure and would like to apply for this role, please kindly get in touch on (+1) 216 290 5977 or send your CV/resume to [email protected] (Job Ref: 88397).
Location – Dallas, TX.
More Information
- Address Dallas, TX, USA
- Salary Offer $50.000 ~ $100.000
- Experience Level Junior
- Total Years Experience 5-10