Sr. App Sec Specialist, Inform

Sr. App Sec Specialist, Inform Job Description Template

Our company is looking for a Sr. App Sec Specialist, Inform to join our team.

Responsibilities:

  • Other duties as assigned;
  • Improve and support vulnerability management workflows through innovation and continuous improvement;
  • Perform threat modeling and provide security requirements to address the identified threats;
  • Build trust by fulfilling team expectations, guidelines, and work responsibilities as well as holding others accountable for the same;
  • Provide security advisory service and interface with security champions in application development teams;
  • Perform with a passion for excellence through strong execution using technical skills, knowledge, and experience;
  • Collaborate with the development teams and assist in the early identification and remediation of vulnerabilities;
  • Make fact-based decisions using individual judgement and problem solving;
  • Convey thoughts logically, simply and succinctly in written and verbal communications;
  • Enhance contextual risk reporting based on vulnerability and asset data;
  • Treat people with dignity, respect and fairness and hold others accountable for the same;
  • Produce high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders;
  • Perform application pen testing;
  • Perform application security architecture review using a risk-based approach and based on approved enterprise security architecture and standards;
  • Support and provide guidance on control implementation or vulnerability remediation to the application development and support teams.

Requirements:

  • Solid understanding of common application vulnerabilities, testing methodologies, and remediation best practices (e.g. OWASP, SANS, BSIMM);
  • Understanding of common network protocols and identity and access management best practices;
  • Common application testing tools;
  • Experience performing code review and application security testing;
  • Common attack techniques for web, mobile and services;
  • Must be assertive, methodical and detail oriented;
  • Solid understanding of SDLC and DevOps;
  • Ability to assertively communicate technical information clearly and concisely, commensurate with the audience;
  • Expert knowledge of common application development platforms and languages;
  • Knowledge of security industry best practices (e.g. SANS, NIST, CIS);
  • Ability to write scripts/tools to assist in testing;
  • Must be a team player and self-starter;
  • Ability to review and analyze security vulnerability data to identify applicability and false positives;
  • Maintain strict confidentiality of all security issues including legal investigations, Compliance, and HR data requests;
  • Experience in supporting Cloud migration.