Engineer, Application Security

About The Position

Requirements

• Have experience with IT Security, Risk Management, or IT Auditing
• Expert knowledge of vulnerabilities as presented on the OWASP top 10
• Extensive experience with agile delivery practices
• Extensive experience integrating security into DevOps practices
• Understanding of networking protocols (IP, DNS, HTTP)
• Extensive experience conducting source code review
• Experience using static application security testing tools such as Fortify, Checkmarx, Veracode, etc.
• Extensive experience dynamic application security testing with tools such as AppScan, Invicti, Qualys WAS, BurpSuite, and OWASP ZAP, etc.
• Experience in Web Application and/or API penetration testing
• Familiarity with common enterprise architectures
• Experience auditing and configuring Akamai security products (WAF, BMP, etc.)
• Excellent organizational and communication skills
• Demonstrated ability to work independently and with others
• Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
• Maintains a proper balance between business and operational risk
• Follows the defined project management standards and processes

Nice To Haves

• Relevant certifications (CISSP, CSSLP, PJPT, OSCP, OSWE, eWPT, GWEB, etc.)

Responsibilities

• Lead and run the Dynamic Application Security Testing (DAST) program
• Serve as a subject matter expert for application development and infrastructure teams
• Partner with application development teams for secure development process adoption and continuous security posture improvement
• Perform end-to-end application security reviews to ensure critical information is appropriately protected
• Assist with Bug Bounty and Vulnerability Disclosure program as needed
• Determine and define project scope, objectives, and deliverable for large-scale application security projects
• Identify metrics and Key Performance Indicators (KPIs) for application security program
• Analyze organization's cyber defense policies/configurations and evaluate weaknesses and vulnerabilities
• Support authorized penetration testing on enterprise network assets and web applications as needed
• Support purple team exercises and breach and attack simulations as needed
• Participate in the creation of effective and efficient processes to drive successful reduction of risk within VF
• Research and advocate for new security solutions and technologies
• Ensure the highest levels of security practices are maintained by VF through projects, implementations
• Establish communications with associates related to threats, vulnerabilities, processes and security risks across a global landscape
• Advocate and evangelize the importance of Threat and Vulnerability management within VF and socialize through internal channels

Benefits

• Annual incentive plan
• Sales incentive
• Commission potential