Security Specialist - Application Security - IAST/RASP

About The Position

Requirements

• Demonstrated experience in software development with comprehensive knowledge of application security is essential.
• Software Development background preferably in Java and/or .NET
• Good verbal and Written communication skills.
• University / college degree, with 5+ years of industry-relevant experience. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

• Familiarity with Interactive Application Security Testing (IAST), Runtime Application Security Protection (RASP), or Application Detection & Response (ADR) is preferred but not mandatory.
• Experience in incident response pertaining to application attacks is an advantage.

Responsibilities

• Identify, evaluate, and mitigate application security risks throughout the entire software development lifecycle (SDLC)
• Maintain a thorough and practical understanding of the OWASP Top 10 web application risks, providing guidance on appropriate mitigation strategies to relevant teams.
• Proficiency in triaging and remediating web application security vulnerabilities is required.
• Manually validate compensating controls to ensure application teams effectively address identified vulnerabilities when direct remediation is not immediately possible.
• Collaborate closely with application and engineering teams to promote secure coding practices and enhance overall application security posture.
• Analyze and manually validate RASP findings, distinguish legitimate application attacks from false positives, and work with application teams to remediate confirmed issues efficiently.
• Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation.
• Performs investigation and data loss prevention, data manipulation, and coordination of activities.
• Performs actions to address or mitigate risks and vulnerabilities.
• Reviews and defines controls.
• Advises on more complex security procedures and products for clients, security administrators and network operations.
• Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion.
• Shares knowledge with staff.
• Conducts security assessments and other information security routines consistently.
• Investigates and recommends corrective actions for data security related to established guidelines.
• Develops policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats.
• Oversees that business needs are being met during development.

Benefits

• medical/prescription drug coverage (with a Health Savings Account feature)
• dental and vision options
• employee and spouse/child life insurance
• short and long-term disability protection
• 401(k) with PNC match
• pension and stock purchase plans
• dependent care reimbursement account
• back-up child/elder care
• adoption, surrogacy, and doula reimbursement
• educational assistance, including select programs fully paid
• a robust wellness program with financial incentives
• maternity and/or parental leave
• up to 11 paid holidays each year
• 9 occasional absence days each year, unless otherwise required by law
• between 15 to 25 vacation days each year, depending on career level; and years of service.