Sr. App Sec Specialist, Information Security Job Description Template
Our company is looking for a Sr. App Sec Specialist, Information Security to join our team.
Responsibilities:
- Build trust by fulfilling team expectations, guidelines, and work responsibilities, as well as holding others accountable for the same;
- Perform application pen testing;
- Support and provide guidance on control implementation or vulnerability remediation to the application development and support teams;
- Convey thoughts logically, simply and succinctly in written and verbal communications;
- Perform with a passion for excellence through strong execution using technical skills, knowledge, and experience;
- Provide security advisory services and interface with security champions in application development teams;
- Treat people with dignity, respect and fairness and hold others accountable for the same;
- Make fact-based decisions using individual judgement and problem solving;
- Collaborate with the development teams and assist in the early identification and remediation of vulnerabilities;
- Perform threat modeling and provide security requirements to address the identified threats;
- Develop and maintain secure code libraries, components, best practices, checklists and documentation;
- Other duties as assigned;
- Keep open lines of communication within the team and collaborate with group members.
Requirements:
- Must be a team player and self-starter;
- Expert knowledge of common application development platforms and languages;
- Ability to write scripts/tools to assist in testing;
- Ability to assertively communicate technical information clearly and concisely, commensurate with the audience;
- Knowledge of security industry best practices (e.g. SANS, NIST, CIS);
- Experience performing code review and application security testing;
- Maintain strict confidentiality of all security issues, including legal investigations, compliance matters, and HR data requests;
- Understanding of common network protocols and identity and access management best practices;
- Solid understanding of SDLC and DevOps;
- Must be assertive, methodical and detail oriented;
- Knowledge of common attack techniques for web, mobile and services;
- Ability to review and analyze security vulnerability data to identify applicability and false positives;
- Familiarity with common application testing tools;
- Solid understanding of common application vulnerabilities, testing methodologies, and remediation best practices (e.g. OWASP, SANS, BSIMM).