Job Description
- Manually and automatically reproducing security defects to provide Engineering with the visual outcome of exploits
- Reproducing Escalation of Privileges
- Reconnaissance Skills
- Pen Testing Skills
- Forensics Skills
- Understanding various cloud architectures and their security best practices, including AWS/Azure/Google Cloud. Able and willing to provide an architecture review for a vendor product.
- Understanding databases and the importance of data security, e.g. DB owner permissions set in the application config file.
- Providing application threat modelling (threats vs. vulnerabilities). Implementing a Risk Acceptance process with sign-off by management.
- Providing Risk Assessment to existing projects
- Participating in Dev projects and providing Business/Systems Security Requirements.
- Tracking found Security Vulnerabilities for remediation and/or Risk Acceptance.
- The candidate should be a Security Evangelist
- Providing AppSec training to the Development Community.
- Fluent in various coding languages and able to apply those skills to move projects forward: Java/Python/Terraform/Go.
Job Responsibilities
- Implement a sound Vulnerability Management Program with a Risk Acceptance process.
- Get buy-in from the Engineering Community.
- Implement SAST scanning with the Security Policy within the CI/CD pipeline.
- Implement automated DAST Scanning within the QE process.
- Enforce Security Gates within SonarCloud.
- Provide a quarterly phishing campaign.
- Automate Container Scanning as a part of the Vulnerability Management Process.
- Create a playbook for DDoS protection.
- Research various Threat Hunting Platforms and come up with proposals for HM needs.