Sr. App Sec Specialist, Information Security

Sr. App Sec Specialist, Information Security Job Description Template

Our company is looking for a Sr. App Sec Specialist, Information Security to join our team.

Responsibilities:

  • Build trust by fulfilling team expectations, guidelines, and work responsibilities, as well as holding others accountable for the same;
  • Perform application pen testing;
  • Support and provide guidance on control implementation or vulnerability remediation to the application development and support teams;
  • Convey thoughts logically, simply and succinctly in written and verbal communications;
  • Deliver with a passion for excellence through strong execution, applying technical skills, knowledge, and experience;
  • Provide security advisory services and interface with security champions in application development teams;
  • Treat people with dignity, respect and fairness, and hold others accountable for the same;
  • Make fact-based decisions using individual judgement and problem solving;
  • Collaborate with the development teams and assist with early identification and remediation of vulnerabilities;
  • Perform threat modeling and provide security requirements to address the identified threats;
  • Develop and maintain secure code libraries, components, best practices, checklists and documentation;
  • Other duties as assigned;
  • Keep open lines of communication within the team and collaborate with group members.

Requirements:

  • Must be a team player and self-starter;
  • Expert knowledge of common application development platforms and languages;
  • Ability to write scripts/tools to assist in testing;
  • Ability to assertively communicate technical information clearly and concisely, commensurate with the audience;
  • Knowledge of security industry best practices (e.g. SANS, NIST, CIS);
  • Experience performing code review and application security testing;
  • Ability to maintain strict confidentiality of all security issues, including legal investigations, Compliance, and HR data requests;
  • Understanding of common network protocols and identity and access management best practices;
  • Solid understanding of SDLC and DevOps;
  • Must be assertive, methodical and detail oriented;
  • Knowledge of common attack techniques for web, mobile and services;
  • Ability to review and analyze security vulnerability data to identify applicability and false positives;
  • Familiarity with common application testing tools;
  • Solid understanding of common application vulnerabilities, testing methodologies, and remediation best practices (e.g. OWASP, SANS, BSIMM).