Scope:
The role of the Application Security Senior Engineer is to work closely with information technology and development staff to help implement secure systems, tools, and processes. As an engineer, you will be responsible for determining the technology that is implemented within the application security team, being an expert and mentor on all technologies used by the security staff, researching new security trends and improvements, getting new staff members up to speed on internal projects and new development, and providing direction and management of assigned projects. Additionally, engineers will look for opportunities to collaborate with and educate other departments that are impacted by application security projects and processes.

Our current technical environment:
- Software: Java, Springboot, Gradle, GIT, Hibernate, Rest API, OAuth
- Application Architecture: Scalable, resilient, event-driven, secure multi-tenant microservices architecture
- Cloud Architecture: MS Azure (ARM templates, AKS, HDInsight, Application Gateway, Virtual Networks, Event Hub, Azure AD)
- Frameworks/Others: Kubernetes, Kafka, Elasticsearch, Spark, NOSQL, RDBMS, Springboot, Gradle, GIT, Ignite

What you’ll do:
- Perform manual code reviews
- Threat modeling
- Security reference architecture as it relates to product/application development
- In-depth knowledge of Burp Suite, Metasploit, Checkmarx or CodeQL
- Work with development to ensure false positives are verified and documented
- Understand how to identify, exploit, and remediate the OWASP Top 10, SANS 25 software flaws, and other vulnerabilities through use of tools and code review, and propose solutions for advanced development situations
- Use expertise in penetration testing, tools, and security methodology to develop new talent within the application security team
- Determine best tools or development to accomplish SAST and DAST needs
- Enhance department processes through scripting and development
- Train new department staff and developers in application security concepts and maintain training environment and infrastructure
- Develop and manage all application security projects as necessary, in areas such as: development, penetration testing, and/or system procurement
- Identify gaps in application architecture, internal processes, and training to help guide the improvement of the department
- Prioritize projects that will have the biggest impact on the application security program
- Maintain a professional working relationship with other departments through clear communication and project-level collaborations
- Ability to work flexible hours, including weekends and evenings if needed
- Availability to respond to emergency situations as required
- Perform additional duties and assignments as requested

What we are looking for:
- Bachelor’s degree in Technology required, Computer Science degree preferred
- 7+ years of secure development, penetration testing, and/or architecture experience
- Expert knowledge of application vulnerabilities, exploits, and remediation techniques
- Experience with current web application technology and concepts including containerization, development operations, and mobile technologies
- Familiar with dynamic and static testing tools and techniques
- Familiar with secure coding principles and application architecture
- Comfortable with public speaking and training others on security principles
- Ability to work as part of a larger team to find solutions
- Excellent communication skills
- CSSLP, CISSP, GWAPT, OSCP, or similar certifications

Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report, which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.