Our client is a global financial services firm located in New York City. They are seeking an Application Security Lead to join the team.
The Application Security Lead will lead, develop, test and recommend solutions on matters relating to Application Security. This role will be responsible for partnering with the application development team to provide secure applications to the firm's Asset Management and Financial Advisory businesses. This role focuses on automation, process, architecture review, and building/monitoring necessary tools to support a Secure SDLC for the firm's Agile application development environment and technology operations. The role requires a strong grasp of application security principles and practices and a background working in an application development and coding environment within a large DevOps-based enterprise.
Requirements
• Bachelor's Degree in Information Technology, Computer Science or a related field
• 5+ years of experience designing, developing, and testing software applications and/or infrastructure
• 3+ years of hands-on security experience with AWS/Azure/GCP Cloud Architecture – Experience with writing secure and functional AWS IAM Roles, Policies, and Procedures.
• Strong experience with writing secure and functional AWS/Cloud IAM roles and policies.
• Strong experience with building secure pipeline tools such as Jenkins, Jira, Sonatype Nexus, and Veracode
• Strong experience with secure code development using OWASP principles, static and dynamic code scanning and remediation
• Understanding of application threat modelling and Agile SDLC security practices
• Experience in developing secure code and application security standards
• Experience working with/patching open-source code/libraries
• Experience conducting application security testing and source-code reviews
• Certification in CEH, CISSP, CISM, CompTIA Security, or GSEC (or similar)
Responsibilities
• Build a very close working relationship with DevOps, application development and QA teams.
• Design and deliver security training to developers
• Determine security requirements by evaluating business strategies
• Conduct system security and vulnerability analyses, penetration testing and risk assessments
• Partner with developers to implement security remediations for identified weaknesses.
• Conduct and facilitate periodic application security awareness training and workshops
• Develop and manage Web Application Firewall (WAF) security policies to mitigate OWASP and application security threats
• Create and maintain Application Security policies including secure coding policies, procedures and standards, coding standards, and the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
• Ensure acquired or developed systems are consistent with the solution engineering and security architecture guidelines
• Define and document how the implementation of a new system or interface impacts the security posture of the current environment
Last updated on Jun 26, 2019