Brooklyn, NY (Onsite)
Estimated Best in Market
12 Months
Posted on: 06/07/2023
Job Description:
- Work with product development, management, engineering and operational teams to develop best-of-breed security architectures supporting compliance, customer requirements and operational SLAs.
- Provide practical guidance to engineering teams to support the implementation of security controls, guidelines, recommendations and best practices.
- Develop and implement Secure Development Lifecycle (SDL) processes and (automated / DevOps) tools, with integration into CI/CD.
- Assist engineering teams in performing threat modeling, identifying application threats/vulnerabilities and recommending mitigation strategies.
- Assist teams in identifying mitigation approaches for vulnerability and static/dynamic scan results.
- Identify technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks.
Responsibilities:
- Strong understanding of application security and industry standards and best practices (OWASP / SANS / NIST)
- Strong understanding of SDLC and Secure Development Lifecycle (SDL) including performing threat modeling and risk assessments
- Strong understanding of integration of security in CI/CD pipeline, DevOps, DevSecOps
- Experience designing and implementing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation)
- Must be a self-starter and able to work well with others in a fast-paced agile environment with an emphasis on collaborating and assisting the team to meet business objectives.
Requirements:
- 3+ years of experience in tools like SD Elements, Veracode, Tenable, Rapid7 or equivalent products.
- 8+ years of information technology experience
- 5+ years of security engineering experience
- Bachelor’s degree in information security/systems or related experience
- CISSP / CCSP certification a plus