
Application Security Engineer

Location Dallas, United States
Posted 02-October-2021
Description

Prefer local candidates in Dallas first but willing to look at NY/NJ candidates.

MUST HAVE

Proficiency in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors.

Knowledge of application development using technologies like Java, J2EE, Groovy, Ruby, Angular JS, Node JS, JavaScript, Python.

NICE TO HAVE

One or more of the following active certifications: ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).

Role: Application Security Engineer (Manual Source Code Review)

Job type: Contract

Contract duration: 12 Months

Desired start date: 11/01/2021

Job function: Information Technology

Industry: Financial Services

Experience level: Mid-senior

Education level: Bachelor's degree

Job classification: Technical

Location: Dallas, TX; will also consider Jersey City, NJ

Zip code: 75019

Skills: Application Security, OWASP, SANS CWE, Programming, Scripting, OAUTH, Code Review, Manual Source Code Review

Experience required: 10 Years

Relocation assistance: No
Prefer local candidates

Visa requirement: s, holders preferred
Will also Consider and L2 EAD

Number of positions: 1

Position Summary
The Application Security Manual Secure Code Review consultant is responsible for the manual secure code review and assessment of DTCC's in-house developed source code for web, non-web and cloud apps and APIs, primarily using a manual approach, and for developing and leveraging custom scripts and tools as required. The individual should possess strong knowledge of secure coding principles across widely used programming languages (Java, Angular/Node JS, JavaScript, Python, Ruby, etc.) along with excellent communication, analysis and organizational skills.

Interaction with DTCC developers (Application Development) to gather application source code details, conduct code review and provide technical assistance in remediating application security issues will be part of the responsibilities.

Responsibilities

Proficient in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors.

Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles & architecture and industry specific auditory frameworks.

Experience with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. Tomcat, .Net, MS SQL, etc.).

Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).

Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.

Understanding of how authentication and authorization mechanisms are implemented programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.).

Knowledge of application development using technologies like Java, J2EE, Groovy, Ruby, Angular JS, Node JS, JavaScript, Python.

Should have a solid understanding of security controls and how they apply to different designs and systems.

Understand, highlight and articulate risk to product owners in an understandable language.

Knowledge of DevSecOps and development pipeline integration and automation.

Knowledge of cloud and container infrastructure. AWS, Azure and Docker experience is a plus.

Document vulnerabilities and work with developers on vulnerability mitigation.

Perform re-reviews to validate the fixes on the reported vulnerabilities.

Provide excellent coordination with local teams (which includes vendor consultants), onsite team and various other support teams in the DTCC organization.

Provide regular status updates on all assigned tasks and deliverables.

Attend meetings with all involved stakeholders from TRM and IT leads to provide updates and de-brief when required.

Qualifications

At least 10 years of progressive development experience with 4+ years in Secure Code review and Application Security.

Proficiency with Application Security best practices with more focus on secure coding guidelines.

Experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, Perl, optionally Objective-C, etc.).

Demonstrated proficiency in troubleshooting techniques and a detail-oriented problem-solving mindset.

Ability to conduct research into technical issues, standards, and products.

Good written and verbal communication skills and the ability to interact well with different levels within the organization.

Have one or more of the following active certifications: ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).

Tony

Salesforce Atlanta Consulting Solutions LLC

Email: tony@sacs-us.com

Phone:,

4275 Harvest Turn Lane, Cumming, GA - 30022

 