Hands on Experience/ Primary Duties: 

•       Cyber Threat modeling and risk assessment

•       Cybersecurity requirements definition, code review, design guidance for development teams

•       Cybersecurity testing to include pen testing and formal verification efforts where needed

•       Deliver secure code review assessment on programming languages such as Java, C#, PHP, Python, Perl, C/C++ , SQL, >

•       Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques

•       Train and assist developers in writing secure software and remediating existing vulnerabilities

•       Develop and review custom vulnerability description, business impact and remediation content

•       Develop, research and recommend open-source tools assisting in secure code review

•       Contribute to development and delivery of secure coding and remediation training

•       Mentor and assist team members in effectively delivering assessments and enhancing skillsets

•       Recommend best practices to integrate and automate application security testing in SDLC

Basic Qualifications:

•       3+ years of experience in application security including secure code review, web application penetration testing or threat modelling

•       2+ years of experience in secure code review / static application security testing

•       Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code

•       Ability to explain risk and business impact of security vulnerabilities in source code to variety of audience

•       Bachelor's Degree in Computer Science/ Engineering or equivalent with GPA of 3.0 or higher

Preferred Qualifications:

•       Experience in detecting, analyzing, and providing recommendation guidance on security vulnerabilities in at least two of the following languages: Java, C#, PHP, Python, Perl, C/C++ , SQL, >

•       Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Appscan Source, Veracode, Coverity, Fortify and SonarQube

•       Experience in software development in at least one server-side programming language

•       Experience in integrating static application security tools in CI/CD environment