Sr. Application Security Developer (5 years)
Ref No.: 18-00099
Location: New York, New York
Position Type: Direct Placement
Start Date: 05/15/2018
Pay Rate: $120,000.00 - 150,000.00 / Year
Sr. Application Security Developer
Location:  NYC
Salary:  120-150K+20% Bonus
 
Position Summary
As a Sr. Application Security Developer, you will be responsible for ensuring all applications and software meet industry security best practices (OWASP), while also allowing the company to provide top-notch services and products to its customers (both internal and external). In this role you will be critical in bridging the gap between the company's customer-facing programs and marketing tools and its security philosophy, to prevent any potential security threats or events from affecting our most important asset, our guests.
 
Main Duties / Functions: You will:
  • Be a Security Evangelist who translates security concepts for developers.
  • Improve and support application security tool deployments and develop standards
  • Liaise between Technology's security team and our business users who are interacting with our clients through our applications
  • Own roadmap development and delivery, providing program reviews and analysis from roadmap development through implementation
  • Utilize standard testing methodologies on our applications.
  • Partner with 3rd parties to provide penetration testing services to deliver faster results
  • Work with the Software Engineers, Product Management, and related teams to scope, plan and execute application-level security testing
  • Mentor and support the developers on how to write good security unit tests and promote good security testing frameworks
  • Guide and influence application security programs
  • Regularly perform security assessments and analysis
  • Complete application security design reviews and prioritize all security issues you find
  • Own the roadmap development and delivery of projects
  • Present penetration testing findings to related teams and provide measurable paths to resolution
  • Deploy programs according to a project management methodology using Agile principles
  • Work closely with Technology Development teams and teach them about security threats and potential incidents/events
  • Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace
  • Lead internal skills development activities for our teams on the topic of application security and mentoring by conducting insight sharing sessions
 
Required Qualifications: To be successful you should -
  • 3+ years of experience in application security and software engineering
  • CISSP, CSSLP, or OSCP or equivalent experience
  • Experienced with implementing an SSDLC (Secure Software Development Life Cycle) with DAST (Dynamic Application Security Testing), SAST (Static Analysis Security Testing) and NIST Cyber Security Framework
  • Have led and integrated a Bug Bounty program or love finding bugs and reporting on them
  • Possess a strong understanding of red-team assessments - dare we say it's a passion
  • Ability to investigate the impact of security problems
  • Comfortable working with scripting and permissions management
  • Programming experience with several mainstream languages, from .NET, React and R to C#; no language should be a challenge
  • Comfort with providing leadership to the team to determine budgetary requirements, maintenance, support, and growth of a maturing application security program
  • You are happy forging relationships with Development and DevOps teams
  • You pride yourself in influencing decision‐making processes at all levels of a large organization
  • Enjoy describing vulnerabilities and weaknesses to many audiences, and implementing effective defensive techniques
  • Experienced in, and appreciative of, working with others and sharing knowledge
  • You are metric focused and want to help teams measure the right thing to ensure their success
  • You have an advanced knowledge of programming languages, database design and infrastructure
  • Ability to interact with the security community regarding security vulnerabilities and potential threats
  
Education
Candidates who have completed 60 credits of college-level coursework (representing 2 years), or have shown similar self-development through certifications, trade school coursework, etc. are preferred.
