Vulnerabilities AppSec Security Implementation Lead
Posted on Jan 14, 2022 by Request Technology - Craig Johnson
*Position is bonus eligible*
Prestigious Financial Company is currently seeking a Vulnerabilities AppSec Implementation Lead. The candidate will be part of a team responsible for analysing, triaging, and finding solutions for vulnerabilities identified via Black Duck and Veracode scanning of open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities.
- Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master responsibilities
- Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
- Manage the security vulnerabilities and track the remediation plan from identification to closure across different teams
- Report to senior management on status, next steps, risks, dependencies
- Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
- Interact with project teams to seek implementation and completion of security requirements
- Document processes based on established guidelines
- Define pen test plans through stories/tasks for moderately complex applications such as those deployed to the Relativity platform (ADS app) or those involved in security-critical workflows (e.g. authentication)
- Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
- Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
- Other job-related duties as assigned.
- Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
- Understanding of Kanban and/or Agile methodologies.
- Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast-paced, change-oriented, and demanding IT environment with a strong focus on business outcomes.
- Self-starter: takes the initiative to research, learn and deliver. Anticipates the play.
- Team player: humble, collaborative, and focused on making sure the entire team succeeds.
- Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
- Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
- Ability to follow established processes
- Ability to juggle several high visibility projects
- Ability to read code in mainstream programming languages such as Python, C#, Java
- Knowledge of and experience with security scanning tools such as Black Duck and Veracode
- Knowledge of different delivery (CI/CD) tools (examples: GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
- Knowledge of Product Owner role. Product Owner certification is a plus.
- Practicing knowledge of Kanban/Scrum team mechanics with hands-on experience
- Certification in some type of Project/Program management is a plus.
- A total of 11 to 15 years of experience in the technology and security landscape is required.
Education and/or Experience:
Bachelor's or Master's degree in Computer Science, Information Systems or other related field, or equivalent work experience.