Location: Tempe, AZ
- Work with application development and QA teams across multiple products to review, evaluate and prioritize vulnerability findings
- Provide SME support on secure code implementation, design and architecture.
- Threat-modeling & risk analysis
- Participate in providing annual OWASP & PCI training for developers
- Help maintain updated Secure Coding Best Practices
- Common application-level vulnerabilities
- Risk Management
- Findings/vulnerability prioritization
- Mitigation strategy
- Controls Evaluation – Review, validate, recommend and create standards
- Review of open-source development libraries for security risks
- Web application firewall (WAF) rule development and implementation
- Security technologies review and recommendations
Qualifications:
- Bachelor of Computer Science or similar
- 6 or more years of experience in applying Information Security best practices to Information Technology assets plus 5 or more years of experience with software development
- Experience with static and dynamic vulnerability identification using industry-leading scanning tools and manual code reviews
- Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
- Solid understanding of Information Security in general and the specific behaviors that would secure client information assets
- Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand; and ability to effectively communicate with both non-technical and technical people
- Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges
- Ability to work well inside and outside the team