Job Description

Hands on Experience/ Primary Duties: 

• Cyber Threat modeling and risk assessment
• Cybersecurity requirements definition, code review, design guidance for development teams
• Cybersecurity testing to include pen testing and formal verification efforts where needed
• Deliver secure code review assessment on programming languages such as Java, C#, PHP, Python, Perl, C/C++ , SQL, >
• Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
• Train and assist developers in writing secure software and remediating existing vulnerabilities
• Develop and review custom vulnerability description, business impact and remediation content
• Develop, research and recommend open-source tools assisting in secure code review
• Contribute to development and delivery of secure coding and remediation training
• Mentor and assist team members in effectively delivering assessments and enhancing skillsets
• Recommend best practices to integrate and automate application security testing in SDLC

Basic Qualifications:

• 3+ years of experience in application security including secure code review, web application penetration testing or threat modelling
• 2+ years of experience in secure code review / static application security testing
• Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code
• Ability to explain risk and business impact of security vulnerabilities in source code to variety of audience
• Bachelor's Degree in Computer Science/ Engineering or equivalent with GPA of 3.0 or higher

Preferred Qualifications:

• Experience in detecting, analyzing, and providing recommendation guidance on security vulnerabilities in at least two of the following languages: Java, C#, PHP, Python, Perl, C/C++ , SQL, >
• Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Appscan Source, Veracode, Coverity, Fortify and SonarQube
• Experience in software development in at least one server-side programming language
• Experience in integrating static application security tools

- provided by Dice