What You’ll Do:
- Collaborate with Product Managers, Scrum Masters, and Application Architects to identify and inject security requirements into the Acceptance Criteria of epics/stories.
- Conduct Threat Modeling on various components of application solutions.
- Hands-on coding of various security use cases into developers' unit, integration, Selenium, and API tests.
- Perform security testing via Static, Dynamic or Interactive tools and rule out false positives.
- Collaborate with DevOps engineers and be hands-on in developing security features/controls/tests as infrastructure-as-code in the CI/CD pipeline.
- Review, analyze, and help re-test various pen testing items.
- Provide appropriate security guidance and answer technical and procedural questions for less experienced team members; teach improved processes and mentor team members through knowledge transfer to design and implement appropriate safeguards.
- Collaborate and consult with cross functional IT teams and business partners to identify risks, develop technical standards, specifications, guidelines, and implement appropriate information security controls.
- Ensure that individual projects remain aligned with security strategies, architectural designs and standards through governance oversight and mentoring.
- Build relationships and maintain effective communications with the lead architects and development groups throughout the organization.
About You:
- Passionate about Application Security
- Hands-on experience in static application security testing, dynamic application security testing, interactive application security testing, and penetration testing methodology, techniques, and tools
- 4+ years of experience in Application Development with a focus on security in Java, .Net, AngularJS, Python, JavaScript, open-source languages, and frameworks
- Solid knowledge of OWASP Top 10, vulnerabilities, and remediation techniques
- Solid knowledge of Secure-by-Design and Secure-Coding approaches and techniques
- Experience in Threat Modeling, API Security testing, and knowledge of container security
- Experience working with Agile/Scrum software development practices and DevOps culture
- Preferably experience with setting up Secure Cloud configurations (Azure, AWS etc.)
Qualifications and Experience:
- Bachelor's degree in Computer Science or related information technology field.
- Security-related certification preferred: CISSP, CCSP, GSEC, SANS GIAC or equivalent.
- Experience with and knowledge of SDLC and Scrum.
- Preferably 2 years of professional project management experience.
Why You Should Work Here:
- The ability to work in an environment that encourages creativity and fresh ideas
- The ability to be on the leading edge of SaaS driven technology solutions for capital markets and regulatory disclosure requirements
- The opportunity to join a well-established and growing company that has just completed its most successful year
Solutia Consulting, Inc.® is an AA/EEO employer.
Last updated May 5th, 2022.