Sr. App Sec Specialist, Inform Job Description Template
Our company is looking for a Sr. App Sec Specialist, Inform to join our team.
Responsibilities:
- Other duties as assigned;
- Improve and support vulnerability management workflows through innovation and continuous improvement;
- Perform threat modeling and provide security requirements to address the identified threats;
- Build trust by fulfilling team expectations, guidelines, and work responsibilities as well as holding others accountable for the same;
- Provide security advisory service and interface with security champions in application development teams;
- Perform with a passion for excellence through strong execution using technical skills, knowledge, and experience;
- Collaborate with the development teams and assist in the early identification and remediation of vulnerabilities;
- Make fact-based decisions using individual judgement and problem solving;
- Convey thoughts logically, simply and succinctly in written and verbal communications;
- Enhance contextual risk reporting based on vulnerability and asset data;
- Treat people with dignity, respect and fairness and hold others accountable for the same;
- Produce high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders;
- Perform application pen testing;
- Perform application security architecture review using a risk-based approach and based on approved enterprise security architecture and standards;
- Support and provide guidance on control implementation or vulnerability remediation to the application development and support teams.
Requirements:
- Solid understanding of common application vulnerabilities, testing methodologies, and remediation best practices (e.g. OWASP, SANS, BSIMM);
- Understanding of common network protocols and identity and access management best practices;
- Common application testing tools;
- Experience performing code review and application security testing;
- Common attack techniques for web, mobile and services;
- Must be assertive, methodical and detail oriented;
- Solid understanding of SDLC and DevOps;
- Ability to assertively communicate technical information clearly and concisely, commensurate with the audience;
- Expert knowledge of common application development platforms and languages;
- Knowledge of security industry best practices (e.g. SANS, NIST, CIS);
- Ability to write scripts/tools to assist in testing;
- Must be a team player and self-starter;
- Ability to review and analyze security vulnerability data to identify applicability and false positives;
- Maintain strict confidentiality of all security issues including legal investigations, Compliance, and HR data requests;
- Experience in supporting Cloud migration.