The Application Security COBOL Secure Code Review Consultant is responsible for the secure code review and assessment of client's COBOL applications using various application security tools and manual methods. The individual should possess strong knowledge of IBM Mainframe technologies, application software expertise, along with excellent communication, analysis and organizational skills.
Interact with client developers (Application Development) to gather application details, conduct code reviews and provide technical assistance in remediating application security issues
Conduct Static Application Security Testing (SAST) / source code analysis, application security audits, risk analysis, vulnerability testing and security reviews of Mainframe COBOL applications
Use automated and manual code review techniques to identify application security vulnerabilities
Prepare a COBOL Security Assessment Report that outlines the security findings and severity ratings and recommends remediations and best practices
Provide guidance and technical assistance in remediation of application security issues / vulnerabilities
Manage tools, servers and infrastructure supporting the application source code review and analysis program. Work with infrastructure, database and application development team to ensure optimal use of tools during the security review process.
Document vulnerabilities and work with developers on vulnerability mitigation
Perform re-reviews to validate the fixes on the reported vulnerabilities.
Provide excellent coordination with local teams (which includes vendor consultants), the onsite team and various other support teams in the client's organization
Provide regular status updates on all assigned tasks and deliverables.
Attend meetings with all involved stakeholders from TRM and IT leads to provide updates and debrief when required
Bachelor's degree in preferred with master's or equivalent experience.
Minimum of 6 years of application security related experience.
Financial Services Industry experience a plus but not required
Proficiency with Application Security best practices
Knowledge and Skills Required:
Experience in COBOL and IBM Mainframe technologies is required.
Exposure to manual application security review of COBOL source code and to the use of analyzer tools is required.
Knowledge of secure development techniques including OWASP Top 10, tools and methodologies
Good knowledge of SDLC practices (Waterfall, Agile) and secure software development
Demonstrated proficiency in troubleshooting techniques and a detail-oriented problem-solving mindset
Ability to conduct research into technical issues, standards, and products
Work closely with onsite and offshore teams
Good written and verbal communication skills and the ability to interact well with different levels within the organization
Technical certifications such as CSSLP, CISSP, CEH are a plus
IBM Mainframe COBOL certifications preferred