Security Specialist at Mokshaa llc
Richfield, NY 13439, USA
Full Time


Start Date

Immediate

Expiry Date

02 Aug, 25

Salary

0.0

Posted On

13 May, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Information Technology/IT

Description

Security Specialist – (Onboarding)

Pay Range: $55/hr to $60/hr

Location: Richfield, MN (Day 1 ONSITE)

The Security Specialist will formulate plans and work with the client development team to integrate build tools with enterprise security tools. The Specialist will identify security weaknesses and evaluate the risk posture. This role will be responsible for security services delivery, including the use of application security tools for detection, triage, and remediation of security weaknesses. The Specialist will partner with our client development and business teams to explain relevant security weaknesses and provide guidance for remediation. The Specialist is also responsible for performing manual and automated security analysis and looking for loopholes in applications written in different programming languages.


Responsibilities

  1. Perform triage of the results found by tools to determine true positives and eliminate the false positives.
  2. Develop proof of concepts to demonstrate the severity of the attacks to the developers.
  3. Work with the development teams to integrate their build process with the automated scan tools.
  4. Conduct kick-off meetings with the application team to understand the application's architecture, business logic and source code repository
  5. Assess and report security weaknesses and their risk according to the client's application penetration testing methodology
  6. Document and report security weaknesses in client systems and provide detailed reports to appropriate development and business teams
  7. Work directly with Client development teams to provide remediation guidance for identified security weaknesses
  8. Identify testing methodology or process improvements and make recommendations to EIP Application Security Teams
  9. Perform other security checks, such as authorization, session management, SSL testing, and encryption algorithm checks, to look for issues.
  10. Organize onboarding meetings with application teams to explain to them the details of the security testing engagement, Secure SDLC and the timelines for each project.
  11. Perform personal research to stay current on security trends, new vulnerabilities, and technology
  12. Other duties as assigned

Basic Qualifications

  1. Direct full-time experience in information security, static code review, remediation, testing, software development, or software engineering.
  2. Familiarity with popular web application languages and platforms. For example, JavaScript, HTML, .NET, Java Groovy, and Python or other similar technologies.
  3. Knowledge of secure development of web applications and mobile applications
  4. Hands-on experience leading technical, integration-heavy work with modern security tools, especially Checkmarx SAST, CheckmarxOne, NexusIQ, and/or Blackduck, Veracode, Snyk.
  5. Experienced in conducting end-to-end static analysis, using at least one commercial application scanning tool.
  6. Experienced in application onboarding, triaging, remediation with application teams and verifying proposed findings.
  7. Hands-on development experience, working with, or developing RESTful APIs in a modern, automated development environment – including a deep understanding of CI/CD.
  8. Organize, maintain, and report on project workflows, statuses, and technical tasks.
  9. Identify, facilitate, and track on-going process and automation-based process improvements.
  10. Ability to quickly adapt to new technologies, tools and techniques
  11. Ability to perform in a fast paced, dynamic work environment and meet aggressive deadlines
  12. Ability to work with technical and non-technical team members
  13. Strong technical writing and verbal communication skills

Experience Qualifications

  1. 5+ years of experience with SAST and SCA security tools: Checkmarx and CheckmarxOne, and Nexus IQ
  2. 5+ years of experience developing new queries and customizing existing security tool queries, beyond those available out of the box, to find new vulnerabilities
  3. 5+ years of experience conducting end-to-end SAST and SCA analysis, using a commercial application scanning tool.
  4. 5+ years of experience with application onboarding, triaging, remediation with application teams and verifying proposed findings.
  5. 3+ years of recent, hands-on development experience, working with, or developing RESTful APIs in a modern, automated development environment – including a deep understanding of CI/CD.
  6. 3+ years, with expert-level skills, in SDLC workflow management tools like Jira, Confluence, SharePoint or similar.


Education Requirements
Bachelor's degree in Information Systems, Computer Science, Software Engineering, Computer Engineering or an equivalent field
