Source: Benjamin Moore and Company
- Partner with various stakeholders, including application development teams, PMO, and security operations to drive the Secure SDLC strategy.
- Lead and facilitate secure application design and architecture reviews.
- Conduct application security assessments and penetration tests on web applications, web services, and mobile applications.
- Utilize various commercial and open source tools to conduct periodic static code analysis and dynamic scans.
- Find, validate, and drive remediation of security vulnerabilities, configuration issues, and flaws in application code.
- Prioritize vulnerabilities and research and propose remediation steps.
- Create formal documentation for project planning, builds, and Operations and Maintenance.
- Educate developers on secure development and coding best practices.
- Assist with monitoring activities using various industry-standard security tools (e.g., SIEM, DLP) to identify potential security-related issues.
- Participate in and lead product selection, vendor evaluations, and implementations of security technologies.
- Industry security and systems certifications (GIAC-GWEB, CISSP, CEH, GCIH, etc.)
- ITIL Certified and/or able to obtain ITIL Foundations Certification within the next 3 months
- Experience with industry standard application security testing tools such as White Hat, IBM AppScan, HP Fortify, WebInspect, Burp Suite, etc.
- Strong understanding of OWASP Top 10 and other similar frameworks.
- Experience with Agile/SCRUM software development models.
- Expert understanding of Software Development Life Cycle.
- Knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.
- Incident Response experience.
- Basic experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.
- Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.