Application Security Professional (Sunnyvale, CA)
This is not a developer position, but rather a position that involves code review and partnering with developers and vendors for remediation purposes. The ideal Application Security professional will have hands-on experience with vulnerability management and SAST/DAST tooling.
Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
Own and perform application security vulnerability management.
Facilitate and support the preparation of security releases.
Support and consult with developers and vendor teams in the area of application security.
Assist in the development of automated security testing to validate that secure coding best practices are being used.
Experience with application security in designing, building, testing, and operating custom public-facing web applications and APIs, including:
3+ years of experience with Dynamic Application Security Testing (DAST) is required
3+ years of experience with Manual Application Security Testing (App Pen Testing) is required
2+ years of Static Application Security Testing (SAST) is required
1+ year of API Security testing is preferred
1+ year of Mobile Application Security Testing is preferred
Experience with application security tools (Checkmarx, AppScan, Fortify, Inspect, etc.)
Stay current with best practices and industry standards in secure coding
Understanding the requirements of securing cloud, thick client, web, and mobile applications
Help, guide, and educate client application developers in secure coding within the development squad in which they are embedded.
Collaborate with the client's Information Security team on setting the application security standards and remediating any vulnerabilities.