Day to Day Operations:
• Develop security awareness, guidance, and socialization materials for training, for internal applications teams.
• Review and provide consulting for IT security team members as part of security reviews and investigations.
• Monitor and investigate application security logs.
• Develop implement and improve application security logging, alerts, and incident response capabilities.
• Perform Cross functional internal teams and assist with architecture, threat modeling, and reviewing systems and infrastructure to identify vulnerabilities and weaknesses in architecture.
• Make appropriate vulnerability remediation recommendations, create socialization and technical analysis documentation, and collaborate with teams to implement those recommendations.
• Conduct vulnerability research and analysis for emerging threats, best practices, and architectural models for application architecture and dependencies.
• Audit, validate, and track application architecture vulnerabilities across presentation, data management and integration levels to report and prioritize risk to businesses.
• Perform Application penetration testing to examine target systems in detail, looking for vulnerabilities and weaknesses.
• Identify and implement application-level security technical and process vulnerability remediations and improvements.
• Define and own metrics to determine the effectiveness of security controls.
Apply comprehensive hardening to infrastructure platforms, deployment code, and images.
• Architect, build, automate, and operate automated security controls/tools and review capabilities to detect vulnerabilities across all applications and services.
• Create and maintain Secure Software Development Life Cycle (SDLC) and secure SDLC models documentation for application development teams.
• Review, create and maintain security requirements of an application while in development.
• Define, maintain, and enforce application security polices, standards, and procedures.
• Perform manual and automated code review of applications.
• Assess track and prioritize vulnerabilities of applications.
• Provide detailed analysis and mitigations based on assessments and testing of applications.
• Prioritize remediation based on security ratings and the needs of the business.
• Create socialization and guidance materials for Security standards.
• Lead Application Security Event Forensic Root Cause Analysis.
• Collaborate with incident coordinators and report to management of findings in real time.
• Perform IT Security Triage, Scoping, and Containment, and Mitigation activities in coordination with application owners.
• Complete documentation of IT Security events.
Functional Abilities, Knowledge and Skills
• Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.
Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
• Ability to self-manage with limited oversight.
• Excellent written and oral communication skills.
• Excellent interpersonal skills.
Excellent judgment and problem-solving skills.
• Strong Knowledge of OWASP Top 10.
• Strong knowledge of application threat modeling.
• Static application security testing and dynamic application security testing.
• Ability to review and walkthrough code in real-time for application code and script review.
• Ability to troubleshoot modern identification and integration services implementations.
Technical Abilities, Knowledge, and Skills
• Proficiency with Application vulnerability scanning and penetration tools such as BurpSuite, AppSpider, Kali, etc.
• Proficiency with Scripting and Coding languages including Powershell and Python, or similar in a Windows Environment
Training and/or Education:
Bachelor’s degree in Computer Science, Application Development, Cybersecurity, or related field.
Licenses or Certificates:
Security+, SSCP, or CySA+ Certification
• Minimum three (3) to five (5) Years in Application, Web, and/or Database Management
• Minimum one (1) to two (2) years of work experience in an Application Security function.
• Experience with integration systems including managed file transfers, privileged access management and integration platforms as a service.
• Experience with Oracle and Microsoft Database environments
• Experience working in Virtualized and Cloud environments
• Experience with identity protection services such as Azure Identity Protection Services
• Experience implementing Azure MFA integrations.
• Experience with implementing modern authentication structures for authentication SAML, OIDC, and OAuth.
• Experience with Solution as a service and other cloud model architecture.
• Experience with AWS, Azure environments including log review, analytics, and security services.
• Experience testing APIs and mitigating open API vulnerabilities.
• Experience in pen testing and the MITRE ATT&CK framework.
• Experience troubleshooting Application and Operating system interactions