Job Purpose This role is tasked with overseeing and spearheading the management of Application Security across Veritran. This position requires an excellent understanding of architecture, design, and coding in multiple languages. An important part of the role is to support code reviews, vulnerability analysis, review penetration tests, and architectural reviews on new features and existing code. You'll need a strong technical grasp of mobile and web apps, backend services, and penetration methods. You should also enjoy automating tasks, creating tools to find vulnerabilities, and effectively communicating findings through detailed documentation.
The Application Security Specialist is responsible for leading the internal Secure Development Champions Program and Secure Development framework. The role aims to provide security education and guidance to embed and enhance application security across Veritran.
Due to the nature of Veritran's product, which involves handling sensitive financial and personal data, Application Security is crucial for both Veritran and its clients. If you're passionate about securing cutting-edge technologies, possess a strong background in application security, and are eager to master AI security practices, we encourage you to apply for this rewarding position.
Responsibilities Lead and steer application security with all technology teams. Work closely with the Product Security Specialist to deliver enhancements through the integration of security into the Security Development Lifecycle (SDL) process support through the Secure Development Champions Program (SDC) and Secure Development Framework (SDF) program supporting security enhancements on software design for both existing and new features, or for major changes. Maintain documented application security policies, procedures, and requirements by referring to established security standards and best practices, such as OWASP Top Ten, NIST Cybersecurity Framework, and industry-specific guidelines through the SDF program. Develop, implement, and communicate vulnerability mitigation strategies through the SDC and SDF program. Collaborate with cross-functional teams, including development, IT, and compliance teams, to integrate security into the software development lifecycle. Perform/support code reviews, audits, vulnerability analyses, penetration tests, and architectural reviews on new features and on the platform as a whole and provide recommendations on best practices related to application security. Lead, guide, and/or support threat modeling and security code walkthrough efforts. Develop and deploy AI-based threat detection mechanisms to identify anomalies and potential security weaknesses in real-time to be used to support defining enhancements in application security strategies and procedures. Research the latest security best practices, trends, threats and vulnerabilities, and technology frameworks. Research new technologies (e.g., AI and Machine Learning) and their security best practices. Develop, recommend, evaluate, integrate, deploy, and maintain security tools including static and dynamic analyzers. Support testing scenarios and strategies as part of the SDL and QA processes. Assess Technology teams' security knowledge and skills through quizzes, assignments, and practical assessments and provide constructive feedback to help improve their understanding and application of security practices in technology (focus on Application Security). Qualifications Experience as an Application Security Engineer or similar positions. Background in the software development industry. Understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, mobile authentication, and key exchange) strategies. Strong knowledge of industry trends in security technology. Understanding of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.). Knowledge of mobile and web application code reviews (Android, Objective-C, Java, C, C++, C#, Python, etc.), audits, vulnerability analyses, penetration tests, and architectural reviews. Ability to deep dive into data and analyze for security and fraud anomalies. Ability to determine risk based on context. Expertise in mobile and web application development. Expertise in attacking network protocols and analyzing network traffic. Expertise in reverse engineering Android, iOS, and Linux binaries. Expertise in securing infrastructure in public cloud (e.g., AWS, Azure, Google Cloud). Expertise in using SAST, DAST, SCA, and fuzz testing tools. Expertise in automating vulnerability discovery and repetitive tasks. Expertise in building automation tools for security processes for both mobile and web applications. Expertise in developing and implementing one or more of the following: Identity and Access Management, SSO, SAML, OpenID Connect, OAuth2 or MFA technologies. Proficiency in both spoken and written English. Self-management skills. Excellent communication and interpersonal skills. Be willing to go beyond the standard routine. Ability to thrive in a high-pressured environment and crises. Ability to adjust quickly to the security needs of a highly agile organization. Ability to multi-task multiple projects at once and drive for results independently. Ability to correctly balance security risk and product advancement. Methodical and diligent with outstanding planning abilities. Knowledge of reporting procedures and record keeping. Participate in bug bounty programs and security research. Proficient with one or more of the following tools: Micro Focus Fortify and Tenable Vulnerability Scanner. Knowledge of the financial industry's standards and regulations. Background in the financial industry.
#J-18808-Ljbffr
