Application Security Team Leader
Posted on Apr 17, 2019 by Request Technology - Craig Johnson
Prestigious Fortune 500 Company is currently seeking an Application Security Team Leader Lead Application Security Engineer.
Candidate will have a strong background in application security, deep understanding of secure coding practices, code scanning tools, best practices, SDLC, CI/CD pipeline, and DevOps. Candidate will help build this function into a formally recognized service; partnered heavily with development and fully representing the security organization. As a leader, specific lead experience should be present as well analytics, reporting, and analysis of current application portfolio security posture, coding practices, common root cause, cross-training expertise, and distinct knowledge of what constitutes an effective application security program.
- Strong Technical Leadership or hands-on management over an Application Security program
- Strong experience in application development (Java EE, Python, web APIs, C++/C#, .Net, and/or Linux Scripting)
- Strong experience with Application Security and Application Penetration Testing
- Strong understanding of a variety of application development architectures, platforms, methodologies, and supporting operating systems
- Strong understanding of web hosting platforms and web services (AWS preferred).
- Working knowledge of remediation methods (OWASP Top 10 at a minimum)
- Understanding of enterprise computing environments, distributed applications, and container technology (Docker preferred)
- Exceptional interpersonal and communication skills
- Familiarity or experience with CI/CD
- Any of the following certifications are desired: GWAPT, GWEB, OSCP, CISSP, CSSLP, or similar advanced security certification
- Conduct tests to evaluate and demonstrate the impact of software misconfiguration and vulnerabilities on in-house applications
- Model attacker behavior and help teams evaluate their resilience to known attack methodologies
- Provide expert level security consultation to project teams, application owners, and general technology teams on relevant security controls and Secure-SDLC process requirements
- Build & Monitor systems that ensure application security policies, coding standards and required security controls are being followed and appropriately mitigating threats
- Assist with required security education initiatives and foster a security-conscious culture within AppDev teams
- Develop, Enhance, and Participate, as needed, in security portion of Secure-SDLC
- Analyze and provide remediation guidance for identified vulnerabilities; validate and verify remediation implementation
- Participate and lead Information Security projects to expand AppSec capabilities
- App Security/Pen testing background Application development that progressed to a Security role will be considered, and Cloud and container experience is essential.