JOB TITLE: Application Security Manager

LOCATION: Dallas,Texas

VISA TYPE: GC/USC/H1B

Job Mode: Hybrid/On-site

JOB DESCRIPTION :

Roles and Responsibilities

• Perform DAST and SAST scans, threat modeling and SCA activities across multiple applications within multiple environments.
• Review source code, identify security vulnerabilities, perform risk analysis, and partner with development team for remediation.
• Create Secure Coding best practices and implement them.
• Perform internal application penetration testing activities and facilitate third party assessments primarily targeting web and other internally developed applications.
• Perform security assessments of existing architecture and make security recommendations.
• Develop AppSec scorecard and Dashboard with metrics.
• Own the Application Security program as a leader and subject matter expert. Provide Vision to mature the program. Develop plans and roadmaps for the program.
• Work with cross functional teams to triage the vulnerabilities, identify false positives and provide recommendations.
• Analyze tools in the market and participate in Proof of Concept and support selection of products/tools.
• Engage with Stakeholders from Application Organization to increase adoption of Security Best Practices and Controls
• Engage with Senior Management to provide Application Risk View for the organization.
• Lead offshore team and provide accountability.

Skills And Experience

• 8-10 years of experience in implementation and administration of App Sec program
• Experience and familiarity with tools such as HCL App Scan, Veracode, Checkmarx, Fortify, Snyk etc.
• Skilled in Active Directory concepts, including users, groups, policies, conditional access etc.
• Solid understanding of IAM protocols, services, and traffic flows for authentication
• Research, Analytical and problem-solving skills.
• Can work with multiple stakeholders, vendors, and management staff.
• Understanding of Application Security including Vulnerability Management
• Experience of guiding customers implement Secure SDLC and driving maturity program
• Stakeholder Management – Reporting, Coordination with App and Infra teams
• Knowledge of application development, network engineering, operating systems, and cloud environments
• Understanding of Application Security Architecture Principles
• Working understanding of Common Vulnerability Scoring System (CVSS) and their application to cyber analysis, knowledge of cyber intelligence lifecycle.
• Good understanding security Threat Modeling
• Knowledge of and familiarity with Enterprise Information Systems (web servers, databases, file sharing, etc.)
• Understanding of common network services (web, mail, DNS, FTP, etc.), network vulnerabilities, and network attack patterns
• Should have good conceptual understanding of Windows, Linux Operating Systems & Networking – TCP/IP Protocol Suite, Application Architecture
• Strong analytical and problem-solving skills.
• Strong communication skills (verbal and written) and interpersonal skills.
• Knowledge of cyber security processes and best practices
• Familiarity of ITIL processes and Service Now
• Good understanding of Dev Ops concepts
• This role will require you to work in flexible shift timings supporting US business hours.

Education

• Bachelors/master’s degree in technology and related fields.
• Security and App Sec related certifications preferably
• CISSP, CISM, and/or International Information System Security Certification Consortium certification is a plus.

Job Type: Contract

Pay: $75.00 - $80.00 per hour

Expected hours: 48 per week

Compensation package:

• Hourly pay

Experience level:

• 6 years
• 8 years

Schedule:

• 8 hour shift

Application Question(s):

• Experience in Common Vulnerability Scoring System? 5yrs
• How many years of experience do you have in Application security program?8yrs

Work Location: In person