What you'll do
- Develops protective and monitoring security controls and solutions for applications and services running on public cloud platforms including AWS, Azure, or GCP.
- Creates and assesses security solutions for SaaS and PaaS services, such as Salesforce or O365.
- Defines, implements, and maintains corporate security standards and procedures.
- Conducts and supports cybersecurity risk and control assessments.
- Maintains a strong understanding of security requirements within regulation and legislation applicable to the industry, including GxP, HIPAA, and EU-GDPR.
- Aligns enterprise security capabilities and controls to cybersecurity frameworks, such as NIST (CSF/800-53), ISO 27001, CIS.
- Leads and mentors other team members.
- Facilitates communication with cross-functional groups.
Who you are
- 5+ years of experience in Application Security or prior experience as a solutions architect or application architect
- Solid grasp of any of the following: OWASP Top 10 / SANS 25
- Hands-on experience utilizing SAST/DAST technologies (Checkmarx, Veracode, Synopsys, etc.)
- Strong grasp of web application architecture and design; secure web configurations and security headers; able to articulate common attack vectors and threats
- Strong understanding of SDLC processes
- Understanding of, or experience with, Identity Access Management (SAML, OAuth, etc.) and network security controls.
- Knowledge of CI/CD and automation tools (Chef, Git, Jenkins, Glue, AWS CodePipeline, Azure DevOps, etc.), and previous experience integrating security tooling into DevOps pipelines
- Experience with any of the following regulatory frameworks: NIST 800-53, NIST 800-171, CMMC, DFARS, ISO 27001/27002
- Experience conducting Web Application Penetration Tests or vulnerability assessment
Bolded qualities are what we are looking for!