Associate Principal, Application Security
Location: Chicago
Compensation: $130,000 - $160,000
Glocomms are partnered with a critical infrastructure financial services firm in the search for an Application Security specialist to spearhead software development initiates and operations whilst collaborating with Application Services, QA, Security Engineering, and IT teams across the firm.
Key responsibilities:
- Application Security Testing including manual source code reviews, manual penetration tests, and the use and upkeep of self-managed and cloud-based security scanning technologies.
- Vulnerability Management including the entire lifecycle management of application vulnerabilities through remediation in accordance with SLAs, threat and risk assessments, mitigations for false positives, and cataloguing.
- Continuously reviewing and automating procedures to guarantee only code which has been verified and deemed secure is delivered to production.
- Create scripts to include security tools into the Jenkins pipeline and assist development teams decipher pipeline vulnerability verification report data in order to remediate vulnerabilities.
- Create and implement process and procedural documentation, gather information for audits, and carry out administrative and regulatory control tasks.
- Improve current security coverage and procedures, evaluate the current toolkit, and assist in implementing new tools and processes into the firms environment.
Qualifications:
- 5+ years of experience in AppSec, DevOps, Security Engineering, etc.
- Programming proficiency with Java, J2EE, Spring, Python, etc.
- Well-versed carrying out AppSec manual pen-testing using tools such as Kali Linux, Burp Suite, Postman, etc.
- Knowledge of security architecture design.
- Hands-on experience using or evaluating the results of development pipeline and automated code scanning tools
- Knowledge of security best practices (e.g., OWASP) and principles and techniques, including those for auditing, access control, authorization, and authentication.
- Knowledge of application authorization and authentication solutions, such as RSA SecurID/ACE, NS Active Directory, CA SiteMinder, and LDAP
- Understanding of application frameworks, including Sun J2EE, MS.NET, OMG CORBA, Spring, etc., and their built-in security services and APIs.
- Understanding of Cloud Security and Secure DevOps Concepts;
- A general understanding of cryptography, including PKI, SSL/TLS, digital signatures, symmetric and asymmetric encryption, message digests, certificates, and so forth.
