Application Security Architect
14693 E Orange Lake Boulevard Kissimmee, FL 34747
Tews Company has a great opportunity to join our clients Information security team as an Application Security Architect. This position is located in Orlando, Florida. Please note we are looking for someone with strong web development skills or has a great understanding of Application security and the SDLC.
This role will work closely with our client’s Architecture team to ensure all Information Security Controls are included in all applications and cloud endeavors. The Applications Security Architect will also perform application vulnerability assessments and source code review using automated (Static and Dynamic) tools and manual techniques. The candidate will assist in integrating vendor security tools and in-house custom tools into the CI/CD process and bug tracking tools to ensure vulnerabilities are discover and remediated early in the SDLC. In addition, the candidate will help troubleshoot these integrations to ensure minimal service interruption in the SDLC process. The candidate will also assist in performing Web application penetration tests and generate formal, actionable reports to be provided to the development team after the completion of the security assessment. The candidate will also assist in tracking application vulnerability remediation to ensure defect management is handled in a timely and effective manner. The candidate will also produce metrics reports on application vulnerability trends for management and also to develop a training program for developers regarding application security. While the candidate is focused on Applications Security and Secure development the role also encompasses other domains of IT Security and Operational Risk Management.
We are looking for someone with the following experience:
- Experience with at least one commonly used programming language, such as C#, Java, Python, C/C++, etc.
- Experience with at least one SAST or DAST solutions such as CheckMarx, HP Fortify, HP WebInspect, AppSpider, findbug, Acunetix, dependency-checker, Veracode, IBM AppScan, etc.
- Experience with at least one web application scanner such as OWASP ZAP, BurpSuit Pro, W3aF, Fiddler, SQLMap, etc.
- Knowledge of middle/service tier such as .Net Framework, C# using WCF and restful services.
- Knowledge of backend DB such as SQL Server 2008 R2, SQL Server 2012, SQL 2014, and NoSQL technologies.
- Hands-on knowledge on penetration testing tools such as Kali Linux, Metasploit, Core Impact, NMap, WireShark, TCPDump, Aircrack-ng and AirMagnet or others are a plus.
- Relevant Professional Certifications or currently pursuing (OSCP, GWAPT, GPEN, CEH) are a plus.
- Must be able to talk about vulnerabilities, weakness and defensive techniques found in the OWASP Top 10 and/or CWE 25 to any audience.
- Must be able to explain the security requirements of each SDLC phases.
- Must have strong verbal and written communication skills, including experience writing technical documents and ability to speak in public.
- Perform vulnerability assessments and source code review using manual and automated tools. Assess and test security tools results for false positive before reporting vulnerability to development team using bug tracking software. Work closely with Applications development teams to retest remediated application vulnerabilities detected through security scanning tools.
- Work with the Architecture team to define Information Security Controls for company applications and cloud housed systems/applications.
- Assist in the implementation and troubleshooting of vendor and in-house security tools in the CI/CD pipeline and bug tracking software using standard plug-ins and custom script.
- Track vulnerability remediation and produce metrics reporting the state of the application security programs and performance of the development teams against target requirements.
- Bachelor’s Degree in Computer Science, Information Systems or Information Technology.