Jersey City, New Jersey
Accuvant is seeking an Application Security Managing Consultant to lead the application security program in a large international enterprise.
Contract Length:
6 months
The analyst will be responsible for the following:
- Lead a team of application security specialists.
- The Application Security Managing Consultant will develop, implement, and manage software security controls in the software development lifecycle (SDLC).
Position Requirements:
No clearance required
Desired Education:
Bachelor's degree preferred
Desired Experience:
6-8 years of experience creating best-practice processes and implementing application security programs within large enterprises inclusive of:
- Threat modeling, including profiling an application, identifying threats, and developing test cases to target identified threats.
- Leading staff in application vulnerability testing and code review, issue tracking and issue resolution.
- Communicating the business impact of identified vulnerabilities and reporting on mitigation steps and progress.
- Managing the way in which metrics are gathered and tracked in the application vulnerability reporting and remediation process.
- Optimization of the application vulnerability scanning process involving tools such as AppScan, NTO Spider and WebInspect.
- Providing direction for the static analysis and code review activities involving tools such as Ounce, Fortify and AppScan Source Edition.
- Leveraging development experience in Java/.NET/C and C++/shell scripting in the application vulnerability identification and remediation process, and the creation of specialized scripts and utilities.
- Advanced understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
- Advanced understanding of common software security issues and remediation techniques (OWASP Top 10, SANS Top 25, etc.)
- Very strong written and verbal communications skills
- Very strong project management and leadership skills
- Ability to manage technical resources.
Desired Certifications:
- Certified Secure Software Lifecycle Professional (CSSLP) preferred.