Looking to onboard an onsite contractor to assist with our application security program and the onboarding of applications to Veracode.
Responsibilities:
- Assist in onboarding application teams and applications to Secure SDLC controls (e.g., SAST, DAST) including remediation guidance, issue tracking and metrics
- Assist in integration of security tools (e.g., DAST, SAST, SCA, etc.) in the delivery pipeline and the S-SDLC process
- Provide remediation coaching to development teams on how to build a more secure application, including explanations of risk assessment, e.g. likelihood, impact, and the OWASP Top 10.
Qualifications:
- Experience with Veracode SAST, DAST and Nexus IQ
- Subject matter expertise in application security and vulnerability assessments
- Strong knowledge of OWASP Top 10 (2013 and/or 2017 Version) vulnerability detection and mitigation
- High degree of accuracy and attention to detail
- Excellent organization skills and ability to multitask
- Familiarity in .NET or Java is desirable
- Familiarity with IDEs, e.g. Visual Studio, eclipse or IntelliJ IDEA
- Familiarity with ServiceNow, Jira
- Familiarity with build systems such as Bamboo, Jenkins, AWS native build tool