What we’ll bring:
· A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools.
· Flexible time off (unlimited), workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and trainings.
· Our culture encourages our people to hone current skills and build new capabilities.
What you’ll bring:
· 3+ years of experience in Information Security or related field
· 2+ years of experience with Application Security & Application Penetration Testing
· Strong understanding of the variety of application development architectures, platforms, methodologies, and supporting operations.
· Understanding of network protocols coupled with experience in one or more of the following: web proxies, web application firewalls, and vulnerability assessment tools
· Experience working in a team-oriented, collaborative environment with a high level of analytical and problem-solving abilities
· Ability to effectively prioritize and execute tasks in a high-pressure environment
· Positive attitude with strong oral and written communication skills
· 4 year college degree in Computer Science or equivalent experience
· Excellent attention to detail
We’d love to see:
· Familiarity or experience with CI/CD systems
· One or more of the following certifications (or similar): GPEN, GWAPT, GWEB, OSCP, CASS, CISSP, eCPPT, etc.
· Familiarity with tools such as Veracode, HP WebInspect and BlackDuck
Impact you’ll make:
· Provide expert level security consultation to project teams, application owners, and general technology teams on relevant security controls and Secure-SDLC process requirements
· Build & Monitor systems that ensure application security policies, coding standards and required security controls are being followed and appropriately mitigating threats
· Oversee required security education initiatives and foster a security-conscious culture within AppDev teams
· Develop, Enhance, and Participate, as needed, in security portion of Secure-SDLC.