Job Details

Lead II - Cloud Infrastructure Services

Advertiser
UST
Location
Deerfield, Illinois, United States
Rate
-

UST Global is looking for a talented and creative Application Security SME who will be working with one of the leading FinTech companies in the US. The ideal candidate should have the ability to work creatively and analytically in a problem-solving environment, and must possess excellent written and verbal communication skills with the ability and know-how to collaborate effectively with domain experts and the IT leadership team.

Purpose of Role / Short Description

This resource is an expert in the Application Security domain with 15+ years of overall IT experience and 8+ years of experience in the Security domain, with a focus on Application Security. This resource will be responsible for providing technical expertise to help us continue to develop strengths in the Application Security program. Key skills: SAST/OSS/Black Duck/Coverity.

Profile (Experience)

Application Security:

Minimum 8 years of experience in Application Security.

• Strong knowledge of SSDLC; should be hands-on with threat modeling, design reviews and peer code reviews as part of the secure development lifecycle.

• Strong knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices.

• Strong knowledge and experience in SAMM 2.0 Assessment.

• Must have experience in implementing Threat Modelling and performing Secure Architecture Design Reviews.

• Must have experience in writing AppSec standards and guidelines.

• Application security testing on web applications, mobile applications, network devices and servers.

• Should have hands-on experience with technology and contribute to the design, development and support of projects with security recommendations.

• Strong knowledge of security frameworks (OWASP Top 10, SANS Top 25 and OWASP API Top 10), secure coding practices, information security principles and architecture, and industry-specific audit frameworks.

• Must have knowledge of the main security-related activities in development, such as Risk and Privacy Assessment, Threat Modelling and Security Code Review.

• Must have a deep understanding of the nature of security threats and their classification.

• Must have knowledge of the most common implementations of threats in application security (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.).

• Familiar with existing security standards (e.g. PCI DSS, HIPAA, NIST, Common Criteria, etc.) and what it means to implement compliance with them.

• Familiar with the tools for various security activities: SAST, OSS, DAST, IAST and SCA, including penetration testing.

Key Responsibilities

• Hands-on experience with SAST, OSS, DAST, IAST and SCA tools, including penetration testing and fuzz testing tools.

• In-depth knowledge of NIST/OWASP/SANS/ISO 27001/ISO 27002 standards.

• Design test tools to probe security-protected applications and networks for vulnerabilities.

• Provide triage and remediation support after security vulnerabilities are reported.

• Excellent interpersonal, verbal and written communication skills

• A flexible attitude with respect to work assignments and new learning

• Ability to manage multiple and varied tasks with enthusiasm and prioritize workload with attention to detail

• Hands-on development using Java / J2EE or .NET technologies, or any web applications.

• Strong knowledge and experience in handling tools such as:

SAST: Fortify, Coverity or Checkmarx

OSS: BlackDuck

DAST: Burp Suite or Acunetix or any

IAST: Hdiv Detection or any

SCA : Black Duck or any

DB Vulnerability Scanning: Snyk or any

Vulnerability scanning tools: Nessus Professional or any

Penetration Testing: Metasploit or any

API Security Tools: Checkmarx or any

• Good understanding of Object-Oriented Analysis and Design

• Good understanding of application and web servers

• Knowledge of ISO 27k, Governance, Risk and Compliance concepts, standards and frameworks

• Experience in using InfoSec assessment/audit tools and/or controls-based industry standard frameworks

• Good understanding of DevSecOps practice and DevOps Life Cycle

• Familiar with code management systems (e.g. GitHub/Bitbucket), CI/CD systems (e.g. Jenkins), Docker, Kubernetes, microservice architecture, OAuth 2.0 and OpenID Connect.

• Good understanding of Network Security and Data Security.

Function: Global Information Security

Sub-Function: Application Security

Location: Onsite or Offshore (US hours - 7 AM to 4 PM).

Assessment / Certification: Certifications such as CISSP, CSSLP, CCSP, CREST, OSCP, CEPT or CompTIA PenTest+ would be preferred.
