Job description
ESSENTIAL FUNCTIONS:
- Use development experience to create the scripts needed to meet the various needs of the software security program.
- Assist with management of the security champion program with development teams.
- Assist with management of the application scanning program (DAST, SAST, SCA, IAST, etc.), including identifying applications that require scanning, managing onboarding of applications into scanning programs, and working with development teams to understand and remediate findings.
- Research and present to development teams on specific application vulnerabilities or application security areas of interest to those teams.
- Assist with creating, editing, and revising standard policies and procedures, and with documenting technical processes.
- Assist with validating and explaining security vulnerabilities reported via scanning, security researchers, users, etc.
- Participate as needed in incident response, threat hunts, penetration testing, and other tasks as they relate to application security.
- Take on additional responsibilities as applicable.
EDUCATION, SKILLS AND EXPERIENCE REQUIREMENTS:
- Development experience using Python, Bash, Ruby, or other scripting languages
- Understanding of the OWASP Top 10 and SANS Top 25
- Understanding of software-development-related CWE classes
- Understanding of the Secure Software Development Life Cycle
- Knowledgeable about software-development-related CIS controls
- Knowledge of NIST SP 800-53 and hands-on experience with OPA
- Knowledge of Zero Trust security is an advantage
- Should have exposure to API security
- Knowledgeable about modern web application frameworks such as Node.js, React.js, Angular, Ruby on Rails, Laravel, etc.
- Should have experience with Jenkins, Git, Bitbucket, JFrog, Quay, ECR, Docker, OCP, and Kubernetes
- Knowledge of cryptography and of network and web protocols (such as TCP/IP, UDP, HTTP, and HTTPS)
- Experienced in cloud-native and container security (Kubernetes, OCP). Must have hands-on experience with CI/CD scanning using at least one of Prisma Cloud, Aquasec, or Wiz.
- Candidate should have work experience in a multi-cloud environment (AWS, Azure, GCP)
- Knowledgeable about DevSecOps, IaC, and securing CI/CD pipelines
- Should have good knowledge of application security, threat modeling, source code analysis, software composition analysis, DAST, and Vault exposure
- AppSec tools: Burp Suite, ZAP, Veracode, Checkmarx, Snyk, a threat modeling tool, Qualys web scanner, HashiCorp Vault, Prisma Cloud, Aquasec, and Wiz
- Ability to see the big picture and keep it in mind while performing operational activities and vetting vendors and tools, and to apply all of this when helping plan the next phases of our software security program
- Able to work on multiple projects simultaneously in a fast-paced environment
- 5+ years of IT/IS experience at a top-ten accounting or cybersecurity firm
- Bachelor’s Degree in the following programs (or equivalent):
- Management/Computer Information Systems
- Information Assurance
- Cybersecurity
- Accounting/Business major who completed basic MIS/IT courses
- In the process of taking, or has already taken, the exam for an IS-related certification (e.g. CISSP)
Job Type: Contract
Salary: $80.00 - $90.00 per hour
Experience level:
- 8 years
Schedule:
- 8 hour shift
Experience:
- CICO: 4 years (Preferred)
- Cybersecurity: 7 years (Preferred)
- Information security: 7 years (Preferred)
Work Location: One location