Application Security Principal

Responsibilities

Core Responsibilities

• Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
• Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training.
• Develop and maintain the application security architecture, ensuring that it aligns with overall security strategy and standards.
• Evaluate, implement, and manage security tools and technologies that enhance the security posture of applications.
• Conduct risk assessments for applications to identify potential vulnerabilities and threats, develop strategies to mitigate these risks.
• Oversee and coordinate security testing activities, including static code analysis, dynamic application security testing, and penetration testing.
• Perform system hardening and remediation to effectively guide developers and system administrators in addressing vulnerabilities and implementing security controls.
• Perform security assessments, penetration testing, and code reviews to identify potential flaws in codes and mitigate vulnerabililties.
• Analyze security needs and software requirements to determine feasibility of design within time and cost constratints and security requirements.
• Perform threat modeling, risk assessment, and vulnerability management to identify potential security risks and work with development teams to implement appropriate security controls.
• Provide guidance and training to development teams on secure coding practices and promote security awareness across the organization.
• All other duties and projects as assigned.

Qualifications

Education

• Bachelor’s degree in computer science, Information Security, or a related field.

Experience

• A minimum of 10+ years of experience using penetration testing tools like Burp Suite.
• Experience in application security tools and IDE Plug-in environments, including HP Fortify.
• Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
• Expertise in system hardening and remediation.
• Proficiency in security assessments, penetration testing, and code reviews.
• Expertise in threat modeling, risk assessment, and vulnerability management.
• Knowledge of federal compliance standards, including NIST 800-53 and NIST CSF.
• Strong leadership, communication, and interpersonal skills.
• Collaborative and effective in cross-functional team environments.
• Strong analytical skills to assess risks and vulnerabilities in complex systems.

Preferred Qualifications

• Professional certifications such as CISSP, CSSLP, or CEH
• Cloud Technology Expertise: Demonstrate a working knowledge of various enterprise technology stacks used to build applications in the cloud. Your understanding of cloud infrastructure will enable you to assess secruity aspects unique to cloud-based mobile applications and API's.
• Cloud Platform Experience: Possess working knowledge and practical experiences in security testing within cloud platforms, particularly Azure. Your familiarity will be crucial for assessing the secruity of cloud-hosted mobile applications and APIs.
• Proficiency in scripting and automation for security testing.