Job Description

Position Overview

Leads technical efforts for ensuring security is applied to the technology platforms and information within the organization in accordance with established standards and policies. This involves in-depth knowledge of the business processes involving Network, architecture, relationship between systems, and systems flow of end-to-end designs for Network & Technology applications with application security focus as well as collaborative working relationships with delivery teams

Responsibilities

Performs application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
Research information security standards; conducts application security and vulnerability analyses and risk assessments; research threats and attack vectors that impact applications. An example would be interpreting a SOC 2 from a vendor to determine if technical requirements of a control are met.
Makes recommendations on toolset modifications and improvements, improvements on development processes and production application security support.
Technically mentors associates within the department. Provides training and guidance to team members as required.
Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner with Global IT and Business teams.
Participates in automation of scanning and workflows around an internal application security framework
Ensures teams are validating for OWASP and performing industry leading application security practices such as NIST Cyber Security Framework.
Perform other duties as assigned.

Requirements

Required: Bachelor’s degree or equivalent experience.

Preferred: Master's degree and/or LOMA certification, MCSE

8+ years of relevant work experience.
Experience in application vulnerability assessments, Testing and execution
Broad experience in Quality Assurance and software Development with security testing/development as focus area.
Advanced experience in security testing tools such as Burpe Suite, Zap, or similar tools. Strong background with application security assessments.
4+ years hands on system administration and scripting experience. (SQL , PL/SQL Scripting and Oracle Database Tools)
Experience in Programming languages like Java, Net, Perl/Shell/AWK scripting is a plus.
Awareness of Advanced Automation scripting and Automation testing tools.
Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Experience in system technology security testing (vulnerability scanning and penetration testing).
Experience in application technology security testing (white box, black box and code review).

Technical Requirements

SAML, Oauth, Cloud authentication/authorization mechanisms, and secrets management
SDLC                                                                                                                           

Preferred Experiences

5+ years’ experience in systems and network monitoring technologies and tools
4 or more years’ experience in designing solutions or applications with programming technologies and tools
Experience working with Cisco/Juniper network equipment devices is a plus.
2 + years of experience with public and hybrid cloud environments.
Insurance industry knowledge
SANS GIAC
CISSP