Description

You will work directly with software development teams to implement secure coding practices and mature secure software development lifecycles.

Responsibilities

  • Perform Dynamic, Static, and Software Composition Analysis (DAST, SAST, SCA) assessments.
  • Partner with distributed teams to implement security patterns and automation for continuous compliance and risk mitigation.
  • Lead efforts to automate secure configuration, verification, and authorization of systems using orchestration tools.
  • Collaborate with front-end and back-end developers to secure on-premises and cloud-based applications.

Required Skills

  • 5+ years of total IT experience.
  • 3+ years implementing secure coding practices and guidance including OWASP Top 10, SANS, CERT, CWE Top 25, and Cloud Security Alliance.
  • 3+ years working with compiled and interpreted languages including Angular, React, Node.js, Java, Spring Boot, and .NET stacks.
  • 3+ years in networking, infrastructure, and DevSecOps security automation.
  • 3+ years of hands-on experience building and deploying secure, complex distributed web and mobile applications.
  • Proficiency with SAST, DAST, SCA, ASOC, and Container/Cloud security scanning.
  • Deep understanding of OWASP vulnerabilities: XSS, Injection, SSRF, CSRF, and XML entity attacks.
  • Knowledge of API security, JWT, OAuth/OIDC/PKCE, and web/RESTful API request/response headers.
  • Experience with cloud development in Azure, AWS, or GCP.
  • Ability to use Chrome, Firefox, or Edge development tools to analyze request/response headers.
  • United States Citizenship and ability to pass a CJIS background check.

Preferred Skills

  • Experience with Coverity, BlackDuck, CodeDX, or Fortify.

Key Skills
Education

Bachelor’s Degree

Back To Jobs