Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Triage security vulnerabilities to eliminate false positives and work with the developers on remediation. Classify application vulnerabilities as Critical, High, Medium or Low based on the OWASP Top 10 and SANS 25, and prioritize them by criticality.
Implement Secure Software Development Life Cycle (S-SDLC) processes and develop secure coding practices for web applications, including database and middleware systems.
Formalize EquiLend's IT Security and Risk Management Program, including the documentation of policies and procedures and the adoption of industry-standard Information Security and IT Operations frameworks and best practices (e.g. NIST, OWASP, SOC2, ITIL).
Review/establish Security Incident Handling/Response and Risk Management controls and procedures.
Administer periodic penetration tests and routine vulnerability scans.
Interface with our clients' vendor/procurement teams to manage risk assessments and security audits.
Responsible for the rapid enhancement of high-level security source code review and ethical hacking/penetration testing of Java, Java EE, JSP, ASP.NET, shell-script and web-based applications.
Research and analysis of industry trends, best practices, and regulatory requirements.
Manage infrastructure security for large scale projects spanning multiple regions and data centers
Bachelor's degree in Computer Science or a related technical field.
A minimum of 8 years of technology experience.
Security professional experienced in application-level security, network security and secure design/development.
CISSP, CISM or equivalent certification.
Relevant work experience with industry-standard Information Security, IT Operations and Risk frameworks (such as NIST, OWASP, SOC2, ITIL, ISO, etc.).
Knowledge of Threat and Vulnerability Management, Information Risk and Governance, Incident Handling, Security Strategy, and Business Resiliency (BCP/DR).
Strong knowledge of manual and automated security testing for web applications, and proficiency in understanding application-level vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Clickjacking, CSRF, authentication bypass, cryptographic attacks, authentication flaws, etc.
Ability to exercise sound judgment regarding findings and make effective recommendations to management.
Ability to work effectively with people from many different disciplines with varying levels of technical experience.
Knowledge of generally accepted information security audit standards, IT risk policies, and controls.
Experience with Identity and Access Management (IAM) and development of user roles and policies for user access management.
Previous experience in implementing OAuth2.0, SAML and Single Sign-on (SSO) for corporate applications.
Experience managing security in the public cloud (AWS) is strongly preferred.
Hands-on prior experience in Java and web technologies, including RESTful web services.
Familiarity with Linux.
Strong analytical and problem-solving skills.
Strong written and verbal communication skills, good judgment, high ethical standards, and a strong work ethic are a must.