USC/GC/H4-EAD
Zoom
Need LinkedIn
Open to fully remote or hybrid (one day a week on site in Chesterfield, Missouri)
Pay/Bill Rate: On the permanent side, the salary for this role is between $84,000-$110,000. Please ensure candidates are comfortable within that range and submit bill rate based on hourly pay rate.
Requirements
- 2+ years’ experience in information systems security.
- Knowledge of OWASP Top Ten application security assessments and code reviews
- Knowledge of security testing tools such as Burp Suite or Zed Attack Proxy.
- Working knowledge of SAML, OAuth, Okta (or equivalent software) and secure software development lifecycle (SSDLC) methodology
- Experience in SOC 2 compliance and in interpreting vendor SOC 2 information.
- 5+ years’ experience in information systems security.
- Experience in languages like JavaScript, Groovy, Python/Shell/AWK is a plus.
- Experience in GDPR compliance, NIST 800-53 security controls
The following certifications are not mandatory but considered an asset: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), GIAC Web Application Defender (GWEB)
Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.) experience preferred
Position Overview
Responsible for participating in application security assessments and remediation activities while working closely with application development teams to ensure the teams adhere to the secure software development lifecycle (SSDLC) framework. This involves gaining knowledge of the business processes, the network and architecture, the relationships between systems, and the end-to-end system flows of designs, with an application security focus.
Responsibilities
- Configures application security static and dynamic scanning
- Interprets dynamic and static security scan results and ensures proper technology risk considerations are addressed for the secure software development life cycle (SSDLC)
- Evangelizes application security program fundamentals, tools, processes among delivery teams
- Coordinates testing activities including traditional penetration testing as well as developing automated security QA testing
- Participates in threat modeling, code reviews, and design reviews for security/privacy.
- Provides consultations and guides development teams toward best practices across all stages of the SSDLC process
- Automates and integrates security into development processes and CI/CD pipelines
- Interprets corporate security guidelines for the cloud adoption framework
- Creates “detective” reporting using automation techniques