Job Description
- Application Security Testing - The use and maintenance of cloud and self-managed security scanning tools, manual source code reviews, and manual penetration assessments.
- Vulnerability Management - The cataloging, reviewing for false positives and mitigations, threat and risk assessments, and lifecycle management through remediation according to SLAs of application vulnerabilities.
- Release Management - Ongoing reviews of application releases to ensure only secure and reviewed code is pushed to prod, with automation tasks as necessary.
- CI/CD pipeline - Develop scripts to integrate Security tools into the Jenkins pipeline and assist development teams with interpreting results from pipeline vulnerability verification reports to facilitate vulnerability remediation.
- Documentation - Perform administrative and regulatory control activities including development of process and procedural documentation and gathering evidence for audits.
- Process Improvement - Continually enhance current practices, assess current toolset, and help implement new tools and processes to enhance current security coverage.
- Programming knowledge and coding experience, particularly Python and Java.
- Basic understanding of system development lifecycle.
- Prefer basic knowledge of CI/CD pipelines (Jenkins).
- Prefer knowledge of IaC and containers.
- Prefer knowledge of Security control frameworks (RMF, CSF).
- General knowledge of scripting languages (Python, etc.).
- Experience performing application security manual penetration tests and familiarity with pen testing tools (e.g., Burp Suite, Kali Linux, Postman).
- Knowledge of security architecture design and principles including confidentiality, integrity, and availability.
- Experience with using or reviewing output of automated code scanning tools and development pipeline tools.
- Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (e.g. OWASP).
- Familiarity with application frameworks and their built-in security services and APIs (e.g., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.).
- Familiarity with application authentication and authorization systems (e.g., CA SiteMinder, RSA SecurID/ACE, NS Active Directory and LDAP).
- General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.).
- Fundamental understanding of network and data communications technologies.
- Knowledge of security in Cloud concepts.
- Knowledge of Secure DevOps concepts.
About Request Technology:
Request Technology, LLC consists of a group of Associate Recruiters, each of whom has an extensive background within the search industry. We fill positions at every level, from entry level to executive. Our specialties have proven to be our strength within the industry; we have successfully filled more than 80 percent of our available positions. With each engagement, we gain a better understanding of an organization’s corporate culture and the needs of IT positions within it. Furthermore, we partner with our clients to match the candidate’s personality with the company culture by learning about the candidate’s background, which companies they have worked for, why they have left organizations and what motivates them to succeed. Thank you for your interest in Request Technology. For additional information, please visit our website at www.requesttechnology.com or call me at 630-717-5865. Because we work on a contingency basis, you have no obligation to us until we find you the right candidate. We back this up by offering you a three-month, money-back guarantee. I look forward to working with you and demonstrating for you firsthand why Request Technology is peerless in a highly competitive industry.