Desired Skills and Experience
- Ensuring that API and cloud services are in accordance with SOC 2, ISO 27001 and Client Security Policies.
- Developing, implementing and monitoring enterprise information security architectures and solutions.
- Assessment automation through penetration testing and ethical hacking, and analyzing risks post assessment.
- Development of Ansible playbooks to ensure web application security.
- Collaborate with QA to establish and ensure security awareness throughout software development lifecycle.
- Source code review work for application design and architecture.
- Security, logging, auditing and support for all applications hosted in Client environment.
- Assessment of security tools, vendors and solutions to support information security initiatives.
- Deliver training for security within development lifecycles and coding practices.
- Internal penetration testing and assessments for vulnerabilities.
- Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation.
- 7+ years of experience within Information Security for application development.
- Holder of CISSP, GIAC, CSSLP or CEH preferred.
- Development, deployment and automation of application security solutions within enterprise cloud environments.
- Knowledgeable in DevOps practices and security for CI/CD preferred.
- Knowledgeable in Microsoft Azure architecture and services
- Strong understanding of OWASP Top 10 and CWE/SANS Top 25
- Proficiency in ethical hacking and white-hat penetration testing
- Technical security control environments and compliance including CSA CCM, ISO 27001 and SOC 2
- Burp Suite, Metasploit and Kali Linux proficiency preferred
- Web Application architecture, API development and MVS Framework proficiency required
- Experience investigating security related to web application exploits, credential stealing and authentication-based exploits
- Programming proficiency in JavaScript, HTML, PHP or Python with preferred additional knowledge of Java, C++ or C
- Scripting through PowerShell, Python, Perl, etc. preferred
- Knowledge of threat models for large, distributed systems and cloud-based SaaS infrastructure