Essential Duties and Responsibilities:
- Support the Application Security program working closely with the DevOps, Application Development, Product Management, and QA teams
- Work alongside engineering and security teams, providing expert leadership and advice on secure architecture, design, and implementation
- Conduct threat modeling, architecture review and application security assessments and mentor colleagues with your expertise and knowledge
- Assist in performing application vulnerability assessments and penetration testing
- Review and approve security of development efforts throughout the SDLC
- Heavily contribute to the development, adoption and enforcement of the Application Security program including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, review methodologies, security test cases, etc.
- Act as liaison between the Information Security, Compliance, Development, QA, DevOps, and Infrastructure teams to address identified vulnerabilities and other risk exposures in ConnectWise software environments
- Assist with secure design and remediation efforts. Provide vulnerability remediation guidance and mentoring to product development software engineers
- Support the assessment and acquisition of application security tools and technologies
- Provide security training and coaching as needed
- Work alongside other security analysts and security engineers to support the ConnectWise Information Security Program by identifying risks, threats, and anomalies in the environment
- Other security-related projects that may be assigned according to skills
Knowledge, Skills, and/or Abilities Required:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- 7+ years of IT security experience, with an emphasis on application security
- Proven working experience with threat modeling and application penetration testing techniques
- In-depth knowledge of application security concepts, best practices, and architectures for web, mobile, API, Microservices, networks and data
- Experience implementing application security frameworks such as BSIMM and SAMM
- In-depth comprehension of the OWASP Top 10 / SANS 25
- Experience establishing and integrating security controls into all forms of SDLC
- Expertise in working with application development, QA, and DevOps teams to mitigate and address application threat vectors
- Experience with manual penetration testing as well as dynamic web application vulnerability scanning tools and services
- Familiarity with static code analysis tools and services
- Strong documentation skills in writing application security policies, procedures and standards
Educational/Vocational/Previous Experience Recommendations:
- Bachelor's Degree, ideally in Computer Engineering, Computer Science, or Management Information Systems, or equivalent work experience required
- Application development / software development experience, understanding of security protocols and APIs highly desired
- Current security certifications (e.g. CISSP, CISM, GIAC, OSCP, etc.) desired
- Curious, inquisitive, lifelong learner and self-starter
- Experience with agile software development methods