Applications Security
NO SPONSORSHIP
Associate Principal, Applications/Cloud Security
SALARY: $150k flex plus 15%
LOCATION: CHICAGO, IL
3 days onsite, 2 days remote
Looking for a candidate to be a security applications lead to secure software development initiatives. Key areas: cloud and self-managed security tools, manual code reviews, manual penetration assessments, coding experience (Python, Java), CI/CD, Jenkins, IaC and containers, RMF, CSF, application security, penetration testing, automation and scanning tools, OWASP.
- Application Security Testing - The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments.
- Vulnerability Management - The cataloging, reviewing for false positives and mitigations, threat and risk assessments, and life cycle management through remediation according to SLAs of application vulnerabilities.
- Release Management - Ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary.
- CI/CD pipeline - Develop scripts to integrate Security tools into the Jenkins pipeline and assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation.
- Documentation - Perform administrative and regulatory control activities including development of process and procedural documentation and gathering evidence for audits.
- Process Improvement - Continually enhance current practices, assess current toolset, and help implement new tools and processes to enhance current security coverage.
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Excellent oral and written communication and analytical skills to successfully analyze and communicate complex problems and solutions.
- Organized, curious, persistent, and service-oriented.
- Ability to work independently and effectively with local and remote OCC staff, management, and consultants while exercising sound judgment.
- Critical thinking and analytical skills (preferred that applicants have taken information-system-focused courses)
- Self-starter
- Programming knowledge and coding experience, particularly Python and Java
- Basic understanding of system development life cycle
- Prefer basic knowledge of CI/CD pipelines (Jenkins)
- Prefer knowledge of IaC and containers
- Prefer knowledge of Security control frameworks (RMF, CSF)
Technical Skills:
- General knowledge of Scripting languages (Python, etc.)
- Experience performing manual application security penetration tests and familiarity with pentesting tools (e.g., Burp Suite, Kali Linux, Postman)
- Knowledge of security architecture design and principles including confidentiality, integrity, and availability.
- Experience with using or reviewing output of automated code scanning tools and development pipeline tools
- Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing, as well as best practices (e.g., OWASP).
- Familiarity with application frameworks and their built-in security services and APIs (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
- Familiarity with application authentication and authorization systems (i.e., CA SiteMinder, RSA SecurID/ACE, MS Active Directory and LDAP)
- General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)
- Fundamental understanding of network and data communications technologies
- Knowledge of security in Cloud concepts
- Knowledge of Secure DevOps concepts
Reference: 2678388514
Posted on Nov 13, 2023 by Request Technology - Robyn Honquest
