Job Description
Our client, The Michigan Cyber Security (MCS), is looking for a Senior Full Stack Security Auditor who is passionate about designing and building secure platforms and applications through Dynamic, Static and Software Composition Analysis assessments. This position is not a member of the Security Operations Center; rather, it is dedicated to working with software development teams on secure coding practices. The ideal candidate will feel comfortable working with both front-end and back-end application developers, as well as building, automating, and securing on-premises and cloud-based applications.
Tasks
- Partnering with distributed teams to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation.
- Helping lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance, and authorization of systems.
- Serving as a key member of a team tasked with maturing the organization's software development and security practices.
Skills Required
- 5+ years - IT related experience.
- 3+ years - Experience implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices
- 3+ years - Experience with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks.
- 3+ years - Experience with networking, infrastructure, secure application development and security automation (DevSecOps).
- 3+ years - Hands-on knowledge building and deploying secure complex distributed web and mobile applications.
Candidates must be currently local within a commutable distance, no more than 1-1.5 hours. Manager is not interested in candidates who would need to relocate to accept the role. Position will be hybrid, in office 2 days a week upon start. Must be a United States Citizen/GC Holder and able to pass a CJIS background check to apply. The State does not sponsor visas.
Skills Desired
- Experience with Coverity, BlackDuck, CodeDX, Fortify
- Familiarity with Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud)
- Experience with HTTP Request/Response headers for web and RESTful API calls
- Experience with Cross Site Scripting, Injection attacks, SSRF, CSRF, XML entity, etc.
- Experience with API Security
- Experience with OAuth/OIDC/PKCE
- Experience with Web, API replay attacks
- High-level understanding of containers
- Cloud development experience (Azure, AWS, GCP)