Principle duties include:
· -Ensuring security policy requirements are properly applied to applications throughout the entire development life cycle.
· -Ensuring business units understand security policy requirements and factor them in to their activities.
· -Create and maintain partnerships across software engineering, application infrastructure and TIR.
· -Apply a risk based approach to address issues and vulnerabilities found in both production and pre-production applications.
· -Bachelor's degree or equivalent in Computer Engineering, Computer Science or a related field of study and at least 2 years of progressively responsibleexperience within the application security space/development background.
· -Prior experience can include: performing penetration tests, vulnerability assessments and infrastructuresecurity reviews for web applications and their supporting networkinfrastructure; and performing secure coding review.
· -Experience with securityarchitecture, digitalsecurity methodologies and deployments and threat modeling is a plus
· -Strong understanding and experience of SDLC methodologies
· -Demonstrated team-oriented interpersonal skills, positive impactful communications, business partnership, and project management skills.
· -Ability to collaborate and build positive relationships across multiple stakeholders
· -Agile thinking and analysis that leads to win-win and innovative solutions for the firm
· -Knowledge of static code scanning tools such as Fortify, AppScan, Checkmarx, etc.
· -Knowledge of development tools such as Jira, Maven, Jenkins, TeamCity, Artifactory, etc. is a plus
· -Familiarity with various industry audit standards including PCI-DSS, SSAE-16 and FFIEC
· -Ability to prepare and present project ideas to senior management