Application Security Resume Samples


The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the application security job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits each job you apply for

Brooke Strosin
70431 Adam Mount, San Francisco, CA
Phone: +1 (555) 364 8231

Experience

Threat Modeling Lead-application Security
Wuckert and Sons, Dallas, TX
  • Prepare a risk report for each Threat Modeling assessment listing out attack surface, threats, flaws and providing remediation guidance
  • Conduct deep-dive sessions with development teams and understand attack surface, threats, security controls and security design flaws
  • Acquire and maintain a working knowledge of relevant laws, regulations, and JPMC policies, standards, and procedures
  • Occasionally perform Security Architecture Risk Analysis (SARA) / Security Design Reviews (SDR) of applications and assess their designs against known and emerging threats
  • Take ownership of assessment from start to finish. Ensure that assessments are executed on-time, within defined scope and budget
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
Web Application Security Manager, VP
O'Kon, Feeney and Simonis, Houston, TX
  • Work closely with Application Developers, their management, and the Chief Technology Officer
  • Provide superior management to a team of web application security specialists
  • Manage and design the issue management around web application vulnerabilities, their tracking, reporting, metrics, resolution, and validation
  • Examine current dynamic scanning practices and identify key risks, then execute programs to address them
  • Implement and manage an Enterprise wide dynamic scanning solution
  • Build and develop a team of expert level application security engineers
  • Lead large scale programs that span the enterprise to deploy and manage dynamic scanning solutions
Application Security Manager, Director
Quigley, Eichmann and Crist, Houston, TX (present)
  • Develop enterprise wide engagement models working closely with the office of the CTO, Application Development Leads, and the PMO
  • Develop, maintain and promote baseline security testing framework into part of regression testing
  • Build excellent relationships with the application development team and their managers and CTO
  • Perform code review, security feature & design review throughout design and integration testing phase of project
  • Design and build an end-to-end enterprise application security program which includes both a centralized and decentralized model for application testing, code scanning, issue tracking, issue remediation, key metrics, application logging, and SIEM onboarding
  • Develop, maintain, and report on key application security metrics – both as a program and on an individual basis; creating metric templates and scoring models
  • Manage and build a world-class team, retaining top talent and recruiting industry leaders
Education
Bachelor’s Degree in Computer Science
California State University, Fullerton
Skills
  • Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
  • Knowledge of threat modeling or other risk identification techniques
  • Excellent verbal and written communication skills
  • Familiar with host and vulnerability discovery strategies, processes, and best practices
  • Familiar with, and have pen-testing experience against, common network topologies and implementations (e.g., Infrastructure, DMZs, Zones, Wireless, etc.)
  • Some experience with Code reviews of Perl, Python, Ruby, Java, HTML, CSS, ASP, ASP.NET, Cold Fusion, Oracle, T-SQL, SQL and other languages and identification of code logic flaws
  • Thorough understanding of Networking Protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
  • Familiar with vulnerability assessment, confirmation, and validation tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques
  • Familiar with, and have pen-testing experience against, Windows, Linux, OSX, and mobile platform environments
  • Complete Familiarity with the Open Web Application Security Project (OWASP)
15 Application Security resume templates

1

Global Application Security Risk Lead-cyber Security Resume Examples & Samples

  • Liaise with Cyber security, ITRAC, LOB risk leads, and other internal JPMC teams to maintain and enhance application vulnerability strategy, improving the firm’s risk posture
  • Provide leadership, support and sponsorship for application security cross departmental operations, processes and investment projects
  • Interpret the output from the firm-wide application security risk identification processes and ensure remediation compliance at an LOB level
  • Establish ‘tollgate processes’ throughout the JPMC SDLC ensuring documented compliance is achieved for JPMC code/applications
  • Develop and maintain a strategy to harden the ‘perimeter’ leveraging various approaches such as testing strategies, WAF, and malware detection
  • Develop and manage a strategy that proactively identifies externally accessible software assets and manages associated risk
  • Provide program support for related investments and strategy initiatives
  • Proficient verbal and written communication skills, including the ability to independently and effectively lead discussions and meetings with senior leaders (ED/MD level)
  • Ability to effectively work with a geographically diverse team of co-workers/peers
  • Bachelor's degree required, master's degree preferred
  • Software development experience a plus
  • Industry risk certification preferred (CISSP, etc)
2

Threat Modeling Lead-application Security Resume Examples & Samples

  • Coordinate Threat Modeling assessments with LoBs and consulting vendors
  • Take ownership of assessment from start to finish. Ensure that assessments are executed on-time, within defined scope and budget
  • Ensure that security design flaws are understood by development teams
  • Occasionally perform Security Architecture Risk Analysis (SARA) / Security Design Reviews (SDR) of applications and assess their designs against known and emerging threats
  • Conduct deep-dive sessions with development teams and understand attack surface, threats, security controls and security design flaws
  • Prepare a risk report for each Threat Modeling assessment listing out attack surface, threats, flaws and providing remediation guidance
  • Understand Security Design Patterns
  • Communicate Findings/Remediation guidance/Security Design Patterns to development teams in a concise and succinct manner
  • Learn and support internal Threat Modeling Tools and infrastructure
  • Drive improvements to the design process to make this a sustainable process embedded into the application development team’s SDLC
  • Track open vulnerabilities with stakeholders and drive closure
  • Evaluate the application's compliance against laws, regulations, policies, standards, or procedures
  • In-depth knowledge of application security on multiple technology platforms (e.g. J2SE, Struts/Spring, SQL, SSO, HTML5, etc…)
  • Good understanding of Network security
  • Skill in Threat Modeling methodologies and approaches such as STRIDE, Attack Trees
  • Knowledge of Security Design Patterns for Applications
  • Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization)
  • Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., ISO) relating to system design
  • Knowledge of software design tools, methods, and techniques
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of penetration testing principles, tools, and techniques (e.g., metasploit, neosploit)
  • CISSP, CSSLP, GWAPT, GPEN certifications are desirable
3

Application Security & Controls Professional Resume Examples & Samples

  • Consulting on Security Control Process to the application teams and application owners
  • Provide support for Supplier On Site Assessments
  • Minimum of 3 years of experience in IT holding various roles
  • Familiar with processes, procedures, and organization
4

Information Security Engineer Application Security Resume Examples & Samples

  • 3-5 years’ experience in relevant field
  • In-depth knowledge of Web application Vulnerabilities and ability to articulate their impact to business users
  • Experience with performing Threat Modeling and designing secure Architecture
  • Experience with creating and supporting Secure Software Development Lifecycle
  • Understanding and experience with virtual patching and Application Firewalls
  • Experience with dynamic web application testing tools, IBM AppScan, HP WebInspect, Burp, etc
  • Experience with static web application testing tools – HP Fortify, Checkmarx, etc
  • Experience of HTML5, JavaScript, Node.js, PHP, Bash, Python, Ruby
  • Knowledge of traditional and cloud Architecture, experience of AWS or other public and private cloud technologies a plus
5

Senior Manager, Application Security Resume Examples & Samples

  • Professional with 15 years' experience in consulting, designing and delivering large information security projects/programs and 10 years of application development
  • Annual budget process
  • Risk assessment & quantification
  • Conflicts and issues resolution and escalation
  • Strong facilitation skills
  • Design patterns e.g. MVC, MVP
  • Mobile development languages e.g. Objective-C would be an asset
  • OWASP testing guidelines
6

Manager, Application Security Resume Examples & Samples

  • Professional with 10 years' experience in consulting, designing and delivering large information security projects/programs and 5 years of application development
  • Enterprise level programming languages e.g. .NET, Java
  • Scripting languages e.g. JavaScript, VBScript, ActionScript, Perl
  • Application security concepts and proxy tools
  • Secure coding practices
  • May have to manage staff… dependent on portfolio
7

Manager Application Security Resume Examples & Samples

  • Perform source code assessment of Bank’s web applications
  • Developing application security knowledge base
  • Improving efficiency of Security Portal with custom rules and custom scripts
  • BE/B.Tech in any stream
  • 4-6 years of experience in designing and building web applications with 2 years of application security experience
  • Sound knowledge of all the layers of web application with good understanding of application security vulnerabilities
  • Experience with or knowledge of one programming language, such as Java, with solid basic concepts
  • Interest in making a career in application security
  • Additional knowledge of various web application frameworks is a plus
8

Assistant Manager Application Security Resume Examples & Samples

  • Coaching developers on secure coding practices and providing remediation support
  • Security engineering initiatives
  • Supporting the Enterprise Security Portal platform
  • Quick Learning/Self-Learning attitude
  • Experience in static source code analysis tools (e.g. Fortify) or open source tools is a plus
  • Experience in penetration testing (secondary)
9

Assistant Manager Application Security Resume Examples & Samples

  • Extensive interaction with the development groups and lines of business
  • Security Engineering initiatives
  • 4 to 8 years of Web Application Security experience
  • Hands on experience in security administration
  • Knowledge of vulnerabilities, security trends, common exploits and their mitigation
  • Hands-on application scanning experience
  • Experience no bar as long as the candidate has the mindset and has the ability to hack applications
  • BE/B.Tech in any engineering stream (premier institutes)
  • Exposure to Rational AppScan
  • Experience in proxy tools (Burp/Fiddler etc)
  • Ethical Hacking expertise
  • Exposure to network security areas like vulnerability assessment, End-point security, AV, etc
  • Should have an overall understanding of the standards and industry trends in information security
  • Experience in Source code assessment (secondary)
  • Ability to understand source code and scripting ability
  • Good Presentation skills are MUST HAVE
  • Good Communication (written & verbal) skills are MUST HAVE
10

Advisory Senior Consultant Cybersecurity Application Security Resume Examples & Samples

  • Work with client personnel to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic. Establish a security program for the SDLC, capture the client's current application architecture, lead the overall application review process, identify application vulnerabilities, propose architectural changes, design, coordinate, and implement these changes at procedural and technological levels
  • Perform detailed Quality Assurance (QA) review of web-based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels
  • Complete the draft and final reports and other deliverables as specified in planning documentation. Ensure project documentation is complete and archived appropriately
  • Act as a subject matter resource in specific programming languages and web application environments. Propose vulnerability risk level and estimated level of remediation effort. Propose code fix or architectural strategies to remediate identified vulnerabilities. Confirm appropriateness of a proposed remediation approach or propose viable alternatives and perform the actual remediation
  • Demonstrate and apply a thorough understanding of complex enterprise systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues. Communicate appropriately with the engagement team and client management through written correspondence and verbal presentations
  • Bachelor’s degree and a minimum of 2 years of related work experience; or a Master’s degree and approximately 1-2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major
  • Experience with tools such as Fortify, AppScan, WebInspect, Burp, ZAP
  • Demonstrated experience in Information Security strategic planning, architecture migration strategies or security engineering strategy
  • Demonstrated experience in key Cybersecurity domains such as identity, access management, and cryptography
  • Enterprise experience with application development for mobile platforms such as iOS, or usage of mobile frameworks such as Kony or PhoneGap is a plus
  • Understanding of development methodologies such as waterfall, agile, continuous integration
  • Proficiency in the English language, including the ability to listen, understand, read, and communicate effectively both written and verbally in a professional environment
  • Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge
  • Prior Big 4 or other relevant consulting experiences a plus
  • A strong work ethic
11

Senior Analyst, Application Security Resume Examples & Samples

  • Lead Security testers in the assessment of applications
  • Lead and perform penetration testing of applications
  • Partner with and lead application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process
  • Audit SDLC processes throughout the company
  • The successful candidate will be responsible for participating in the following activities
  • Degree in Computer Science or equivalent experience
  • Experience with end-to-end SDLC process
  • 4 years’ experience of application development, design, testing and/or related IT experience
  • Prior experience performing application testing or black box reviews, OWASP, and scanning tool knowledge is beneficial
12

Program Manager, Application Security CP Resume Examples & Samples

  • Lead the IT application security testing program
  • Ability to report, track and create metrics for a program
  • Detailed knowledge of security testing for applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques
  • Proficiency with application and network vulnerability analysis in areas such as secure coding practices, network design and operation, software development life cycle and application security
  • Demonstrate knowledge of IT Security interoperability, connectivity and integration issues related to distributed or centralized IT infrastructures
  • Capacity to provide advice on secure architectures, hardening guides and security directives in conjunction with key IT stakeholders and SME
  • Collaborate with various Bell internal stakeholders as well as external partners
  • Ability to document and analyse results, produce security assessment reports and present to IT Support teams (for remediation) and executive stakeholders
  • Ability to keep up to date on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
  • Minimum of 10 years professional work experience in information security
  • Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that meet objectives
  • Experience with security testing tools and methodologies in conducting vulnerability and application security assessments
  • A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles
  • Strong documentation management skills leveraging project repository to share key documents and lessons learned for support, audit, future roadmap and delivery requirements
  • Leadership and mentoring skills
  • Knowledge of Bell networks, servers and applications specifically within Information Technology
  • Knowledge of ISO 2700x, ITIL, and PCI-DSS
  • Bilingual in French and English would be a strong asset
13

Specialist, Application Security Resume Examples & Samples

  • Support the IT application security testing program
  • Ability to configure, implement, and maintain security testing tools as well as the configuration of data sources for metric reporting/tracking
  • Perform security testing of applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques
  • Produce security assessment reports and distribute to IT Support teams (for remediation)
  • Ability to document and educate stakeholders on the findings
  • Ability to research, recommend, and implement changes to procedures and systems to enhance application and systems security
  • Provide feedback on operational and procedural documentation as required
  • Ability to serve as subject matter expert on IT security tools, policies, and controls
  • Take an active role in security-related audits and inquiries
  • Ability to keep up to date on the latest security regulations, advisories, alerts and vulnerabilities
  • Supporting member as required to the Bell Infrastructure Security team
  • Minimum of 7 years professional work experience in information security
  • A security based professional qualification desirable (e.g. CISSP, CISM, CISA, OPST, CEH, GPEN)
  • Ability to analyze IT solutions and technology infrastructure in order to identify and assess security vulnerabilities, threats, and risks
  • Think analytically and synthesize technical information from various sources
  • Excellent skills of verbal and written communications, relationship-building, and influencing others
  • Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent work experience
14

Senior Application Security Consultant Resume Examples & Samples

  • Plans and performs application penetration testing and application source code reviews (there is no code development)
  • Interacts with the client as required throughout application security review engagements
  • Communicates results of reviews to appropriate technical and client representatives in written and verbal formats
  • Utilize industry leading tools and solutions to enhance the security posture for the company; subject matter expert (SME) in one or more security/technology areas
  • Acts as single point of contact for assigned work
  • Acts as a backup for other team members and leadership
  • 4+ years application development experience
  • 2+ years experience in development technologies such as .Net framework and Java
  • 2+ years of web application development experience
  • Previous experience performing penetration testing of web based applications a plus
  • Previous experience performing application security source code assessments a plus
  • Experience with tools like Fortify, WebInspect or AppScan a plus
  • Thorough understanding of web based application vulnerabilities such as SQL Injection, Cross-site scripting a plus
  • Understanding of distributed systems, security principles, and various design methodologies
  • Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management
  • Ability to work with little or no supervision after initial briefing
  • Ability to guide the work of others
15

Application Security Domain Lead for Citi Innovation Lab Resume Examples & Samples

  • Broad and diverse background in enterprise security strategy, products, processes, methodologies, operations and org structure
  • Experience and knowledge in application security issues, vulnerabilities and threats, ability to understand software vulnerability assessment and penetration tests and their mitigations
  • Hands-on software engineering background with programming frameworks (e.g. J2EE or .NET) as well as client/server and web application technologies
  • Good understanding of modern software development methodologies, tools, processes and best practices, including Application Lifecycle Management, Continuous Integration, DevOps, Integrated Development Environment and Build Engines
  • Proven experience with large and complex environments
  • Past experience in enterprise security architecture and/or product management positions – big advantage
  • Entrepreneurship and/or startup background – advantage
  • Bachelor's degree in Computer science, software engineering or similar
  • Ability to lead, collaborate and influence
  • Independent, self-starter, well-organized, creative and strong team player
16

EDI & User Application Security Access Coordinator Resume Examples & Samples

  • Processes daily and weekly EDI transmissions
  • Maintains the daily log of EDI activities by division
  • Analyzes EDI data issues, identifies solutions and corrects the problems in a timely manner
  • Escalates persistent or complex EDI issues as appropriate
  • Assists and participates in certifying new vendors on DXLG’s vendor EDI programs
  • Processes requests from authorized users to grant access to new and existing users to the applications used by DXLG
  • Performs the removal of access from all applications for terminated employees based on weekly notification provided by HR
  • Maintains appropriate documentation for audit purposes for all user access additions, changes and delete activities according to the policies and procedures outlined in the Corporate Security Policy with respect to application security
  • Updates system options or menu options as needed to support system changes or enhancements based on migration forms instructions
  • Processes all store setup and related maintenance activities, as well as Table Field creation and maintenance
  • Organizes own workload to ensure all tasks and assignments are completed accurately and on time
  • Coordinates with other development groups, MIS and non-MIS, as required
  • Responds quickly and maintains a constructive approach to on-going changes in the business
  • Assists with other tasks as needed or as requested
  • Assumes additional responsibilities as required
17

Analyst, Application Security Resume Examples & Samples

  • Work with application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process
  • Partner with application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process
  • Evaluate, recommend, and implement enhancements to secure coding practices and operations
  • Degree in Computer Science or similar experience
  • Familiar with the SDLC process
  • 1-2 years’ experience of at least one of the following: application development, design, testing and/or related IT experience
  • Prior experience performing application testing, black box reviews, or OWASP
  • Scanning tool knowledge is beneficial
18

Advisory Senior Consultant Cybersecurity Application Security Resume Examples & Samples

  • Perform detailed Quality Assurance (QA) review of web-based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels
  • Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Work with the team to document the business processes dependent on IT. Ensure high-quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance
  • Bachelor’s degree and a minimum of 2 years of related work experience; or a Master’s degree and approximately 1-2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major
  • The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP, Open Group Certified Architect, or CEH certification
19

Advisory Manager Cybersecurity Application Security Resume Examples & Samples

  • Effectively lead and motivate client engagement teams and provide technical leadership in the assessment, design, and implementation of software security and IT risk solutions
  • Understand EY and its service lines. Actively encourage team members to contribute ideas and identify opportunities to introduce EY services
  • Foster an innovative and inclusive team-oriented work environment. Play an active role in counseling and mentoring junior Cybersecurity team members
  • Bachelor’s degree and a minimum of 5 years of related work experience, or a Master’s degree and approximately 4 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major
  • A minimum of 4 years of related work experience writing enterprise security standards, policies, and coding guidelines
  • Experience conducting application security vulnerability assessments and attacks including creation of proof-of-concept exploits
  • Demonstrated experience with enterprise application development in one or more of the common development platforms: Java/J2EE, .NET/C#, C/C++, PHP, Python, or Flash
  • Knowledge of networking and system-level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX, message oriented architecture
  • Demonstrated experience in key Information Security domains such as identity, access management, and cryptography
  • The successful candidate must hold or be willing to pursue related professional certifications such as the CISM, GIAC, Open Group Certified Architect, CEH, CISSP, or equivalent
20

Principal Application Security Resume Examples & Samples

  • Provide application security advisory, solution architecture, and consulting to internal projects of varying size. Assist business and application development teams to develop secure solution in support of business requirements
  • Drive organization-wide application security strategy for business applications including but not limited to ERP systems
  • Assist in alignment of overall security governance with IT architecture governance and project and portfolio management (PMO)
  • Evaluate, develop and implement secure solutions, based on approved enterprise security architectures. Analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks
  • Review and update application security policies, standards, and architectures that guide IT and Business with security and risk management planning
  • Communicate security risks and solutions to business and IT executives
  • Act as a security expert in application development, database design, network and platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices
  • Provides mentorship and direction to less experienced security engineers
  • 5+ years of combined IT and security work experience including infrastructure, systems, vulnerability testing, audit, or secure application software development
  • Advanced understanding of SDLC, following the process to develop and design solutions effectively
  • Expert knowledge of enterprise and web application development platforms
  • Sound understanding of security principles, such as infrastructure security, identity and access management, vulnerability management, and secure coding
  • Advanced knowledge of secure coding practices based on OWASP and SANS
  • Advanced knowledge and experience developing or testing: authentication infrastructure; SAML and OAuth SSO protocols; XML and JavaScript; Internet security protocols and technologies
  • Experience with project management best practices and collaborating with PMO
  • Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL and National Institute of Standards and Technology (NIST) frameworks
  • Strong interpersonal skills (written and oral communication) and ability to articulate complex issues to executives and customers
  • Desired experience in implementing and assessing security controls for Oracle E-Business, Hyperion and PeopleSoft
  • Working in large / global corporate environments involving multiple businesses
  • Track record of success in planning and implementing large projects. Strong crisis management skills
  • Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make fact-based decisions
21

Application Security & Controls Champion Resume Examples & Samples

  • Work in ambiguous situations and drive to a solution
  • Bachelor of Science degree in Computer Science
  • 1+ years of experience in Security, Controls and IT audit
22

Web Application Security Consultant Resume Examples & Samples

  • Bachelor's degree and 3+ years of experience
  • Working knowledge of NIST SP 800-53 Rev4 security controls and the security authorization process
  • Experience with Information Security Policies, System Administration, Network Security, and Firewall Administration
  • Familiar with Network Protocols, Routers, Hubs, and Switches
  • Experience with scanning web applications. The preferred tool experience is HP Web Inspect and Security Center (Nessus)
  • CISSP or Security+ certifications preferred
23

Application Security SME Resume Examples & Samples

  • 5+ years generalized IT experience in a Data Center, Networking, or Storage environment, working with medium to large scale infrastructures
  • At least 1-2 of those years with technical experience in Disaster Recovery (DR) and/or storage with experience in developing DR procedures, and guidelines for servers, databases, applications, storage and operating systems in the event of a disruption
  • Previous experience with large enterprise backup / recovery and disaster recovery strategies
  • Experience creating and implementing disaster recovery strategies and designs as distinguished from the operations and maintenance of disaster recovery capabilities
  • Experience with data replication services such as tape-based backup, Synchronous and Asynchronous Replication, SAN or database replication, etc.
  • Understanding of relevant frameworks such as FISMA, the NIST SP 800-53, etc
  • Enterprise Security Architecture
24

Manager, Application Security & Controls Resume Examples & Samples

  • Provide subject matter expertise in areas of strategy and design for Security and internal controls for IT Applications. Proactively manages business partner expectations at a senior level, resolving conflicts between compliance requirements and project/business constraints
  • Lead the efforts to apply Information Asset protection policies (IAPP) and risk management policies and processes in the IT projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation
  • Work with IT, QA, Regulatory, CIA and business colleagues to ensure audit readiness and to prepare for internal and external audits. Lead activities for audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits
  • Stay abreast of new technologies and technology service models (e.g., virtualization/cloud hybrid, VPCx) and provide out of the box thinking to assist stakeholders in designing, assessing, and implementing IT internal controls for new technologies, projects and existing applications
  • Facilitate education and training to the project teams on application security and internal controls, SOX and other applicable ISRM areas
  • Provide leadership and drive employee engagement, drive a focus on Talent Development within ISRM to develop a diverse, regional IT talent pipeline
  • Perform other work related duties as assigned
  • A minimum of 7 years of progressive experience in leadership roles within Information Security & Risk Management/IT required
  • Demonstrable track record of working within large projects and managing multiple competing priorities
  • Strong knowledge of IT internal control requirements and Information Asset Protection Policies
  • Current knowledge of regulatory procedures in internal and external environments
  • Advanced knowledge of information security technologies, such as encryption and multi-factor authentication
  • Understanding of threat identification tools (e.g., intrusion detection) and collection of data on security events to improve the organization’s ability to assess threats
  • Experience in performing, analyzing, and reporting results of network/infrastructure and applications vulnerability assessments, and developing remediation plans
  • Advanced knowledge of secure development, application security, and security requirements for critical applications
  • Familiarity with secure code reviews and dynamic / static code analysis
  • Experience managing external and internal audits for IT
  • Experience managing a SOX 404 program for IT
  • Big Picture/Attention to Detail – align strategic and tactical required
  • Results Orientation/Sense of Urgency – ability to drive to tight timelines required
  • Excellent interpersonal skills required
  • Creative problem solving skills required
  • Customer focus (internal & external) required
  • Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally required
  • Proven ability to influence/collaborate to get to desired result required
  • Strong leadership skills required
25

Web Application Security Technical Lead Resume Examples & Samples

  • Performing source code reviews using automated tools and manual analysis
  • Writing a formal security assessment report for each application to determine security risk, compliance with documented security standards and remediation requirements
  • Lead meetings with development teams to scope out new requests, deliver assessment results, and consult on application remediation
  • Develop standard method and process for testing following industry best practice including OWASP testing guide
  • Is responsible for the execution and delivery of planned project deliverables and milestones
  • 3-5 years of experience developing and securing web applications
  • Experience performing web application security code, penetration, and analytical testing and using vulnerability testing tools
  • Experience with JavaScript, JAVA, .NET, and J2EE based applications; knowledge of PHP, IOS, and Android
  • Knowledge of OWASP tools and methodologies, web application firewalls, and network security
26

Director, Application Security Resume Examples & Samples

  • Provide strong team leadership to a talented team of security engineers by establishing clear direction, a productive culture, and measurable goals in pursuit of the overall security strategic plan
  • Manage and improve our internal Software Security Development Lifecycle
  • Drive and manage automated security testing at scale to measure vulnerability and report on risk across Lending Club applications
  • Collaborate with internal stakeholders on addressing systemic security issues
  • Evaluate and prioritize security reviews to ensure timely evaluation per risk based approaches
  • Evangelize security within the development organization
  • Recruit, mentor, foster and grow a talented team of application security experts
  • Review application security tools and services to determine quality and applicability within Lending Club’s Software Security Development Lifecycle
  • 5+ years in the field of software security
  • 3+ years management/leadership experience
  • 5+ years software engineering experience
  • Experience leading an application security team at a fast-paced, successful, innovative, Agile technology company
  • Demonstrated success with planning and execution of large security projects with multiple business stakeholders
  • Software engineering experience with Java web applications
  • Experience building tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Expertise with browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
27

Technical Manager Application Security Resume Examples & Samples

  • Build and lead the Application Security Engineering team for TripAdvisor
  • Identify software security vulnerabilities within TripAdvisor and articulate their importance and relevance to our business
  • Propose and build new tools/infrastructure to make application security easy for TripAdvisor engineers
  • Define software development policy and govern implementation to assure adherence to standards
  • Work with TripAdvisor IT, Operations Staff, Product Managers, and Software Engineers to prevent and resolve issues
  • Active interest in promoting security awareness and mentoring members of the development teams on company security standards, including secure coding guidelines
  • Analyze industry trends and incorporate into roadmaps for security strategy
  • Ensure security strategy is aligned with business strategy and overall company direction
  • B.S. or M.S. Computer Science, or equivalent experience
  • 7+ years of relevant work experience applying security practices to software development, with at least 2 years managing a team
  • You can manage a team towards long-term goals while delivering new capability daily
  • You have the ability to work with everyone from engineers to product owners to C-level executives to help communicate, prioritize, influence and inform key product decisions
  • You have successfully hired and built teams including interviewing, on-boarding, and mentoring
  • In-depth knowledge of common Internet vulnerabilities and techniques to identify and fix them
  • Java or C++ development experience in a UNIX or Linux environment
  • Strong analytical, problem-solving, and communication skills
  • Contributions to the security community are a plus
28

Application Security Resume Examples & Samples

  • Define and apply a methodology to investigate and understand new projects and technologies for key risk concerns
  • Develop and maintain scalable security services that integrate into the development lifecycle
  • Minimum of 7 years of software development experience in J2EE. At least 2 years of Web Services development required
  • Familiarity with OWASP and other industry secure coding standards frameworks
  • Minimum of 3 years of general information security experience, including application, server, and/or database experience
  • Minimum of 2 years of experience with Web Services security, including federated models
  • Minimum 2 years of experience in static, dynamic, binary static, interactive, penetration testing techniques and tools such as Fortify, Appscan, WhiteHat, Veracode, etc
  • Experience assessing technologies from a risk perspective and documenting options with recommendations
  • Excellent written and verbal communication and teamwork skills
  • Experience in the BlueCross system or other health insurance company
  • CISSP, CSSLP, or CISM Certified or equivalent certification
29

Application Security Admr Resume Examples & Samples

  • Responsible for all host system and vendor software system user administration which entails adding, removing, modifying user account information, password reactivations, deactivations and profile updates
  • Responsible for managing teller cash boxes in Core Banking system. Responsible for troubleshooting application user issues and configuring profiles for applications
  • Supports front-end applications and in-house developed applications. Follows up on day-to-day functioning of the daily processes. Communicates and follows up on client communications
  • Prepares regular access review reports for all applications, submits to business for certification of user access in various systems. Provides access rights and privileges as needed for all managed applications and ensures that they are in line with the job requirements
  • Responds to all requests related to systems access and user management on a timely basis
  • Performs special projects, and additional duties and responsibilities as required. Where applicable and when performing the responsibilities of the job, employees are accountable to maintain Sarbanes-Oxley compliance and adhere to internal control policies and procedures
  • Knowledge of risk assessment policies and procedures
  • Demonstrated knowledge of information security principles and standards. Knowledge of applications/systems (Miser, Loanserve, Egifts, WEB Based applications)
  • Good understanding of application audits and its implications. Good understanding of separation of duties and appropriate user access
  • Good organization skills to manage multiple requests under deadlines with close attention to detail
  • Computer literate with proficiency in Microsoft Office Suite Word, Excel, PowerPoint, Access and Corporate Email System
  • Excellent customer service skills. Strong documentation, written and verbal communication skills
  • Ability to adapt to changing environments, handle new responsibilities and quickly grasp key concepts. Ability to work in a team environment and independently
  • Ability to work in a fast-paced environment, detail oriented, well organized and capable of managing multiple assignments efficiently
  • Ability to work in a 24/7 environment where flexibility with work hour changes and on-call support schedules are required
30

AWS Application Security TPM Resume Examples & Samples

  • Bachelor's Degree in Computer Science or related field or equivalent experience
  • Minimum of 3+ years of technical program management experience
  • Minimum of 2+ years of experience working in the information security field, preferably designing, implementing, and documenting secure architectures
  • Prior working experience with Software Development Teams
  • Experience working with stakeholders across many functions
  • Sharp analytical abilities and proven design skills
  • Experience interpreting and communicating analytics
  • An understanding of Web Services
  • Experience with risk analysis and threat modeling
31

Manager, Application Security Resume Examples & Samples

  • Recommend security strategies and solutions based on understanding of the real needs of Macy’s engineering teams
  • Stay up-to-date on the evolving threat landscape and provide updates and recommendations specifically relevant to our business
  • Participate in defining and executing on SSDLC
  • Help define requirements and priorities for security projects
  • Partner with the Information Security team to ensure application and infrastructure security efforts are well integrated
  • Work with architects and tech leads to ensure designs align with overall security architecture standards and practices
  • Govern and enforce security standards and practices with technical and business partners as needed
  • Participate in incident response and architecture review processes as needed
  • Participate in PCI certification and other audit and review processes as needed
  • 3+ years of experience in software engineering with a focus on application and data security
  • Experience with secure development practices
  • Familiarity with federated identity and SSO technologies and Unix security features
  • Expertise with security solutions for data and service exchange across third party vendors, partners and developers
  • Expertise in private and public cloud service security, service gateways/proxies and B2B security
  • Experience with infrastructure security aspects of the application development landscape, including DMZ, firewalls, CDN and load balancers etc
  • Familiarity with agile development principles sufficient to integrate security controls without unnecessarily impeding overall project velocity
  • Demonstrated ability to establish and maintain strong partner relationships
  • Certification in information systems security preferred
  • Must be able to effectively discuss security-related topics with technical and non-technical audiences
  • Project Leadership and consensus-building skills are essential
32

Software Engineer, Application Security Resume Examples & Samples

  • Perform security reviews and provide insights throughout all phases of software development
  • Evaluate the impact to the organization of current security advisories, publications, and trends
  • Develop new security solutions / tools to prevent security vulnerabilities and assist in addressing existing security problems
  • Help detect, highlight, and close security vulnerabilities that surface during the software development lifecycle
33

Application Security Service Line Lead Resume Examples & Samples

  • The Application Security Service Line Lead will lead a team of experts in managing, evaluating and auditing all Contract required IT systems to ensure compliance with client IT Security standards as set forth in the client IT Security program
  • Perform A&A of all Contract, Contractor-Supplied Images, applications and stand-alone systems and general support systems used in support of the client support services contract
  • Depending on the classification of a system, the Contractor shall use the client guidelines for conducting information system certifications. In addition, the Contractor shall use current Guides to the Certification and Accreditation Process as guidance for the client certification methodology
  • Comply with the defined A&A process. The process consists of (i) generating an information system initial risk assessment report, (ii) developing the system security plan (SSP), and (iii) supporting the security testing and evaluation, independent verification and validation, and independent audits. The SSP is updated in each phase/step as the system development progresses and new information becomes available
  • Obtain, retrieve, compile, draft and prepare necessary documentation for inclusion to the SSP. The Contractor shall ensure that all drafts go through Quality Assurance Review prior to delivery
  • Verify the accuracy of the System Security Plan (SSP), system architectural diagrams and identity of the systems being accredited as SBU, Classified, or higher levels
  • Provide guidance to application development teams on techniques and methods for incorporating good security practices into the development lifecycle
  • Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity and availability are maintained at the standards that are in accordance with client and Contract standards including Federal Information Processing Standards (FIPS) 140 and 199
  • Perform System Architectural Analysis to include review of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security and review other pertinent system development life cycle documentation
  • Assemble packages at the direction of the Government Client or Contract Management and provide copies of the package as needed
  • Prepare the package for delivery to management in order to obtain signature from the Certification Authority, who grants certification and the DAA or Authorizing Official, who grants the accreditation, which results in an approval to operate the system
  • Monitor dashboards to ensure and assist in validating that all security criteria and regulatory requirements are maintained and that changes that affect the A&A documentation are denoted
  • Use the government-appointed tool to input information or create an A&A package during the A&A process
  • Maintain compliance with both client IT Security policies and client’s continuous monitoring reporting requirements as required by the Federal Information Security Modernization Act (FISMA)
  • Responsible for the development of IT security policies and maintaining acceptable level of integrity in use of IT on the contract. Responsible to develop IT security and protection training to all staff and specialized IT training to IT security staff
  • Responsible to report breaches or attempted breaches in IT security per the developed IT Security Plan
  • Responsible to develop the IT Security Plan
  • Report on program security status at monthly program reviews
  • Due to the nature of the government contract requirements and/or clearance requirements, US citizenship is required
  • Must have a Bachelor's Degree in a related field
  • Must have an active CISSP
  • Must have a minimum of 10 years experience of Information Systems Security in support of client or the DoD
  • Must be able to pass a CGI background check to start and maintain employment
  • Due to the nature of this government contract, US Citizenship is required
34

Ers-application Security Resume Examples & Samples

  • Should have played a lead role in client engagements (global exposure) and should be delivery focused with team management ability
  • Exposure to methodologies, such as OWASP preferred
  • Secure code review - .NET and J2EE technologies
  • Enterprise IDS Implementation and Testing
  • Incident Response Training
  • Network Infrastructure security, firewall and router configuration, switches, secure network architecture, VPNs, PKI, PMI, Portals, Cisco, PERL, python, C++, XML, HTML
  • Project plan (MPP)
  • Vulnerability Management tools: Nessus, NMAP, ISS, AppScan, AppDetective, Qualys Guard
  • Strong technical skills and project management skills in handling multiple Vulnerability Management projects. Should have led subject matter specialist role in Enterprise Security architecture solutions
  • Organising Skills (Reporting, timeline management, etc.)
  • Project Management skills
  • Should be open to travel
35

Data & Application Security Consultant Resume Examples & Samples

  • Help clients develop application and data security strategy and architecture to meet business needs
  • Use assessments and workshops to help clients understand security and privacy issues, risks, exposures, vulnerabilities, and potential solutions
  • Lead design and deployment of application and data security management solutions to address specific security and privacy requirements for specific customer accounts
  • Research Application and Data Security technologies and industry trends
  • Author whitepapers, RFI responses and Proposals
  • At least 5 years of hands-on experience in architecting, implementing, and maintaining application security and source code security solutions (AppScan, Fortify, WebInspect, Cenzic, etc.)
  • At least 5 years of hands-on experience in architecting, implementing, and maintaining data security solutions, including data encryption, data loss prevention, data obfuscation, etc
  • At least 8 years of hands-on application development experience that spans database and web server configuration and source code programming
  • At least 5 years overall information security engineering experience
  • In-depth knowledge and experience in secure coding best practice
  • Certifications: CISSP, CISA, CISM
  • Anti-phishing solutions strategy, architecture, and implementation
36

Head of Application Security Resume Examples & Samples

  • Approximately 10+ years of security leadership experience, with several years at global scale
  • Strong technical understanding of all facets of technical product security coupled with a proven track record of managing a team spanning all major functions
  • Demonstrated success implementing a security strategy in a 24/7 fast-paced organization
  • Globally established/recognized reputation in the security field
  • Success achieving influence and driving results in a matrixed environment
37

Application Security Architecture Team Leader Resume Examples & Samples

  • Act as the local escalation point for developers and management engaging with the team
  • Peer review security assessments
  • Validate identified technical control gaps and review security requirements set to remediate identified risks
  • Provide technical security training to the team
  • Ensure that the quality of the security assessments is consistent and meets the objectives
  • Ensure that the throughput of the team meets the objectives
  • Provide architectural and implementation guidance to ensure developers follow security best practices
  • Communicate to the IT System Owners technical details on technical control gaps and provide attack scenarios relevant to the risks identified
  • Ability to explain common application vulnerabilities and detailed remediation strategies to developers
  • Ability to provide security training to developers
  • Architecture background (software or infrastructure)
  • Team leading experience
  • Strong interpersonal skills are critical, since the role involves working with developers and executives around the world
  • Ability to multi-task and handle multiple projects
  • Bachelor Degree in Computer Science, Software Engineering, or equivalent with minimum five years relevant work experience in high-paced, enterprise environment
  • N-Tier application design and implementation, particularly web-based applications that cross company boundaries
  • Track record of providing security training to developers
38

Advisory Senior Manager Cybersecurity Application Security Resume Examples & Samples

  • Develop and review reports and presentations for both technical and executive audiences
  • Liaise with and offer strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
  • Forms a “centre of excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
  • Leads or commissions suitable information security awareness, training and educational activities
  • Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
  • Prior Big 4 or other relevant consulting experience required
  • Experience developing new business and meeting revenue targets required
  • Strong analytical and problem-solving skills
  • A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required
39

Application Security Specialist Resume Examples & Samples

  • Contribute both on an individual assessment basis as well as a global strategic basis to raise the security posture across the organisation
  • Identify application security vulnerabilities in a range of technologies including web and mobile through a combination of security assessment techniques: manual penetration testing, code-review, SAST, DAST, IAST etc
  • Work collaboratively with development teams to proactively build security within their software delivery pipeline
  • Develop security standards and guidelines for applications and systems developed at Barclays
  • Innovate towards the goal of establishing novel security services and the enhancement of existing services
  • Work within virtual teams of security and technical specialists to ensure quality delivery of leading solutions to our internal clients
  • Provide reports which highlight and clearly articulate vulnerabilities and weaknesses to clients in terms they understand
  • Strong web application testing/penetration testing/code-review experience
  • Thorough knowledge of application security assessment techniques and their relative merits, including: SAST, DAST, IAST and manual assessment
  • Understanding of Application security issues, coding standards, and an ability to articulate them to developers and project managers
  • Knowledge of programming languages such as: Java (J2EE/Android), C#.NET, C/C++/JNI, Objective C
  • Wider SDL activities such as threat modelling and design review
  • Familiarity with web application multi-tier architectures and operation
  • Demonstrated ability to solve complex technical problems
  • Able to explain security functionality from first principles
  • Physical security knowledge and experience is considered beneficial but not required
40

SAP Application Security Manager Resume Examples & Samples

  • Lead the enhancement, standardization and improvement of SAP security intake and prioritization processes associated with service desk and user request tickets
  • Participate in and provide input to the design of user dialog and non-dialog roles, task assignments, role mapping and user provisioning inclusive of Fire Fighter design and assignments. Knowledge and experience with SAP GRC is essential
  • Support and participate in SAP security projects, upgrades and initiatives as necessary in enabling standardization and efficiencies across the SAP security environment
  • Understand role design techniques such as composite roles, business roles, authorization objects and SAP role architecture
  • Specific experience with SAP Solution Manager, GRC 10.0, 10.1, HPQC, and Remedy is required
  • Knowledge and experience with SAP business roles, SAP business role manager (BRM) and the business role management library (BRML) concepts is required
  • Support off-hours, weekend hours and rotating shifts as needed for special projects, system upgrades, patching and release processes
  • Knowledge of general security support and operations processes and familiarity with ITIL problem resolution and change management structures beneficial
  • Knowledge of segregation of duties (SOD) concepts, security authorizations, and general access restriction models required
41

Application Security Manager, Director Resume Examples & Samples

  • Design and build an end-to-end enterprise application security program which includes both a centralized and decentralized model for application testing, code scanning, issue tracking, issue remediation, key metrics, application logging, and SIEM onboarding
  • Manage and build a world-class team, retaining top talent and recruiting industry leaders
  • Build out a centralized and decentralized system for issue tracking and management
  • Build close relationships with the CIO, CTO, CISO, and other key stakeholders
  • Develop enterprise wide engagement models working closely with the office of the CTO, Application Development Leads, and the PMO
  • Create and maintain evergreen processes for application onboarding and recurring testing
  • Maintain red-team programs designed to holistically detect security vulnerabilities or defects from anywhere within the organization including the human layer to ultimately stop and/or deter security breaches
  • Develop and maintain application testing matrix based on numerous vectors such as application risk, regulatory implications, and application function
  • Develop, maintain and promote baseline security testing framework into part of regression testing
  • Ensure that all application changes align with security principles, secured architecture design, security features & requirements, and are free of serious security defects before changes are promoted into production
  • Experience rolling out and/or running a large scale enterprise application security program
  • Subject Matter Expert in all facets of Application Security
42

Application Security Delivery Manager Resume Examples & Samples

  • Lead Application Security Delivery team in capability development and operations activities
  • Lead and mentor team members to improve overall skills and capabilities
  • Monitor application security delivery effectiveness using key performance indicators
  • Identify and manage risks and issues as a subject matter expert for daily work
  • Required to identify, assess, and resolve complex issues/problems within own area of responsibility
  • Relevant degree in information security, computer science or related field
  • Strong experience in application security, penetration testing & vulnerability assessments
  • Exemplary customer service and active listening skills
  • Strong decision making capability
  • Leadership experience, preferably in an international setting
  • Self-motivated with proactive approach to managing application security
  • Enthusiastic and committed approach with a track record of building strong, trust-based relationships with colleagues and client stakeholders at all levels
  • Fluency in oral, written and presentational English and ability to communicate to various stakeholders at different levels, including CXO level
43

Application Security Design & Modeling Director Resume Examples & Samples

  • Define differentiated Cyber controls (standards) for application environments understanding the complex and diverse nature of JPMC
  • Manage applicable standards and procedures translating security requirements into easily understandable requirements
  • Maintain a deep understanding of the core discipline(s) you support (SME)
  • Experienced leader who demonstrates results in matrix organizations
  • Ability to work under pressure in time critical situations
44

Global Head of Application Security Resume Examples & Samples

  • Ensuring security policy requirements are properly applied to applications throughout the entire development life cycle
  • Ensuring business units understand security policy requirements and factor them in to their activities
  • Provide practice leadership by facilitating a community of like-minded practitioners to share and exchange ideas for growth and improvement
  • Help establish capability and skills models for the core domain
  • Become a role model for practitioners in the core domain
  • Bachelor’s degree or equivalent in Computer Engineering, Computer Science or a related field of study and at least 7 years of progressively responsible experience performing application security assessments
  • Prior experience must include: performing penetration tests, vulnerability assessments and infrastructure security reviews for web applications and their supporting network infrastructure; and performing secure coding review utilizing .Net, J2EE, and C++ for Windows and Unix operating systems
  • At least 5 years' development, architecting, and implementing of enterprise IT security solutions, with focus on application security aspects
  • At least 2 years' architecture of digital platforms (e.g., online, social, mobile cloud)
  • At least 2 years of experience of digital security methodologies and deployments
  • At least 3 years' experience in threat modeling
  • Strong understanding and experience of multiple SDLC methodologies
  • Strong experience in rolling out threat modeling enterprise wide that can be consumed by developers and engineers
  • Demonstrated leader with team-oriented interpersonal skills, with the ability to interface effectively with upper management, IT leadership and technology vendors
  • Manage staff and consultants/contractors across different geographic locations to ensure the team performs at the highest standard. Coach and manage internal staff's performance and career goals. Ensure team is appropriately staffed and supported. Manage and track Key Performance Index (KPI) to ensure and maintain high team performance
  • Positive impactful communications, excellent leadership, business partnership, and project management skills
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  • Strong secure development and programming knowledge of application threats and vulnerabilities
  • Knowledge of static code scan tools such as Fortify
  • Knowledge of open source toolsets such as Git/Bitbucket, Jira, Maven, Jenkins, Crucible, JUnit and some knowledge of test automation utilizing a software tool such as Selenium will be a plus
  • Ability to prepare and present project ideas and proposals to senior management
45

Director of Software Application Security Resume Examples & Samples

  • Excellent leadership, verbal and written communication, presentation, and problem solving skills
  • Experience with a Secure Software Delivery methodology
  • Experience in web application development and relevant technologies
  • Proficiency with Agile, Continuous Integration/Development, DevOps SDLC models
  • Proven analytical and problem solving skills, as well as the desire to assist others in solving issues
  • Intermediate to advanced knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
  • Intermediate to advanced technical knowledge of, and the ability to recognize, various types of security vulnerabilities
  • Good interpersonal skills with a strong interest in the application security domain
  • Highly motivated with the willingness to take ownership / responsibility for their work and the work of the SCR team
  • Ability to influence management and support/help build credibility across the organization
  • A collaborative and engaging leader who partners well with others
  • A strong leader in talent management, with the ability to develop staff, recruits appropriate talent, and create a culture of performance
46

Application Security Leader, VP Resume Examples & Samples

  • Contribute to the success of the AM Application Security program by working with security architects, software security champions (SSCs), Application Security Champions (ASCs), application development (AD) managers, application developers, and information risk managers (IRMs) to deploy software security controls effectively
  • Govern, build, and maintain Asset Management’s static scanning complex’s global rules/filters/templates and vendor rulepack updates, including but not limited to re-certification activities, change impact analysis, effectiveness assessments, and release tests for the crucial application security components
  • Drive the vulnerability remediation efforts including identifying the vulnerability scenarios through the SSAP static scanning report, determining the remediation methodologies for the issue, coordinating task force formed by different LOB members, and delivering the remediation run book to be shared by the AD communities
  • Provide expertise and support for security practices and controls in the rule development and deployment process (i.e. threat modeling, static scanning, native configuration checking, and pen testing)
  • 5+ years of hands on application security experience
  • Understanding of static code analysis tools principles and practices (i.e. HP Fortify, IBM Appscan Resource, Pylint, RATS, Veracode, BlackDuck) with experience providing development teams tangible guidance to remedy vulnerability defects
47

Application Security Review Assistant Manager Resume Examples & Samples

  • Support the Internal Control Manager in leading the Sarbanes Oxley (SOX) compliance agenda in relation to ERP Security, access and SoD conflict management procedures
  • Drive ERP organizational alignment activities, process and role design standardisation across various GBS, Business Process Outsourced (BPO) and business operation teams for all supported ERP systems through establishment and leading projects and ad hoc support/advisory
  • Perform all standard ASR CETO accountabilities as outlined in the SOX compliance policy
  • Ensure all Segregation of Duties (SoD) violations from all user groups (including OSP and IT&S) have appropriate BP finance approval of the SoD violation and mitigating control
  • Manage the relationship with the OSP and support structure with regards to the ASR activities
  • Ensure that the appropriate processes and procedures are in place
  • Coordinate all CET Sub-Owners Sign off as part of the annual assurance
  • Bachelor’s Degree in Finance, Accounting or related field
  • Minimum of 6 – 8 years of experience in finance or accounting and/or ERP application security reviews
  • Solid understanding and experience of ERP (SAP, JDE) technical background
  • Strong communication skills – both written and verbal
  • Must be a team player and able to work with and through others
  • Able to work effectively at all levels in an organisation
  • Strong analytical abilities - demonstration of the ability to apply logical thinking to gathering and analysing information, finding solutions to problems and formulating plans
  • Ability to influence others and move toward a common vision/plan
  • Readiness for action and ability to work under pressure
48

Application Security Review Assistant Manager Resume Examples & Samples

  • Demonstrated relevant ERP expertise i.e.: Application owner, ERP developer, ERP security expertise
  • Experience in large-scale organisation’s ERP architecture design and implementation
  • Experience of working in project environment – ideally with knowledge of key project management tools such as planning, risk management and communications
  • Previous experience in SoD conflict management / Application Security Review/ Internal Audit is key to be able to effectively deal with compliance and risk management activities
  • Experience in working in a continuously changing environment with many conflicting priorities
  • Experience in Global Business Service methodologies, processes and practices
  • Experience supporting and implementing strategic plans across a team
  • Experience of large-scale organisational change efforts, leading projects
49

IBM Application Security Front End Developer Resume Examples & Samples

  • English (Fluent)
  • Experience with front-end technologies (JavaScript, HTML5, CSS)
  • Experience in writing clear, consistent, simple to use interfaces
  • Experience with Windows, Linux and/or MacOS operating systems
  • Experience in full-stack development (UI/UX, API design, database)
  • Knowledge of Application Security concepts
50

Web Application Security Manager, VP Resume Examples & Samples

  • Provide superior management to a team of web application security specialists
  • Act as the subject matter expert for Enterprise Information Security (EIS) and the firm on web application security
  • Act as the subject matter expert for the firm on all aspects of dynamic scanning
  • Be the individual responsible for the entire Enterprise wide dynamic scanning program and all its components
  • Provide thought leadership and execution around dynamic scanning, its implementation, governance, reporting, strategy, issue tracking, remediation, evolution, and BAU evergreen process
  • Build and develop a team of expert level application security engineers
  • Architect a dynamic scanning solution
  • Build and drive the Enterprise program around dynamic scanning and overall web application security
  • Implement and manage an Enterprise wide dynamic scanning solution
  • Own the policies and standards around dynamic scanning
  • Own the components of the SDLC related to dynamic scanning
  • Build out an onboarding and evergreen process around dynamic scanning
  • Design the control requirements around dynamic scanning
  • Manage and design the issue management around web application vulnerabilities, their tracking, reporting, metrics, resolution, and validation
  • Create and maintain the metrics around dynamic scanning at the program level as well as for individual applications
  • Create and maintain all metrics related to dynamic scanning
  • Drive visibility around web application vulnerabilities
  • Own governance of remediation timelines, strategies, solutions as well as the associated reporting and metrics
  • Examine current dynamic scanning practices and identify key risks, then execute programs to address them
  • Ensure dynamic scanning is aligned with regulations such as SOX, PCI, and GLBA
  • Lead large scale programs that span the enterprise to deploy and manage dynamic scanning solutions
  • Understand the risk appetite of the firm and appropriately manage security within these parameters
  • Exceptional manager with proven track record of excellence around managing and building a team of security experts in the field of web application security and dynamic scanning
  • Deep experience building out and managing an enterprise wide dynamic scanning program
  • Subject matter expert in all facets of dynamic scanning and web application security
  • Subject matter expert in application security
  • Strong desire to build a best in class program
  • Exceptional ability to execute and drive change
  • Knowledge of GLBA, PCI, and SOX requirements
  • Experience in creating trending, metrics, and management reports
51

Application Security Assessment Analyst Resume Examples & Samples

  • BA/BS in Engineering, Computer Science, Information Security, or related work experience
  • 1 - 3 years of experience developing web and mobile applications preferred
  • 3+ years of professional experience
52

Application Security Assessment Expert Resume Examples & Samples

  • 3-5 years of experience developing and mobile applications
  • Experience with iOS or Android SDKs frameworks and software architecture
  • Knowledge of Objective-C, Java, and JavaScript programming languages
  • Proven experience with vulnerability assessment tools such as Fortify Source Code Analyzer or equivalent tools
53

Senior Application Security Risk Specialist Resume Examples & Samples

  • Lead application security and control assessments and leverage expertise, industry best practice, and corporate policies and standards to evaluate security and control effectiveness
  • Effectively report and communicate results and appropriate corrective action to varying levels of management
  • Evaluate Risk Acceptance Forms for policy or control deviations and identify mitigating controls and risk rankings
  • Lead project risk assessments to identify IT control gaps, document findings and suggest remediation activities
  • Contribute to the oversight and management of the company’s Application Inventory and application risk ranking process
  • Use GRC and desktop tools to conduct risk assessments and support various activities, initiatives, and projects
  • Research industry trends, identify ongoing security and control requirements, analyze security risk management tools such as Archer and Agiliance RiskVision for continuous improvement
  • Contribute to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge
  • Refine process documentation to align with Regulatory requirements and best practices as noted through organizations such as NIST, COBIT, BITS SIG, ISO
  • Provide reporting and metrics that ensure the quality of the program’s services are meeting business objectives
  • Excellent organizational, time management, collaborative, written, presentation and verbal skills
54

Application Security Risk Lead-cyber Security Resume Examples & Samples

  • Provide thought leadership and offer innovative ideas and solutions to resolve systemic software security issues
  • Provide subject matter expertise and governance on information security standards and control procedures. Liaise with Line of Business (LOB) cyber leads, risk managers, and other internal JPMC teams to maintain and enhance information security management program and to improve the firm’s overall risk posture
  • Lead and participate in cross Line of Business working groups and committees to review and approve proposed changes in application security related controls e.g. controls assessments etc
  • Success will be measured by the comprehensiveness of associated standards and controls and the ability to mitigate emerging threats
55

L'Oreal, IT Application Security Manager Resume Examples & Samples

  • Scaling security within the SDLC by automation using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques
  • Performs security testing and code review to improve software security
  • BS or higher degree in Computer science, Information Security, or equivalent experience
  • 5+ years of professional experience in IT security, compliance and risk management, including privacy, data protection, security controls, etc
  • 5+ experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, and PCI DSS
56

Managing Principal Application Security Resume Examples & Samples

  • Develop strong and lasting relationships with clients, effectively sell follow-on work to clients, assist sales in selling new business to clients, ensure contracts are properly managed, and serve as an effective escalation point for client issues and problems on engagements
  • Provide client support to multiple clients from account planning to sales, delivery, and follow through
  • Balance client services with effective resource utilization
  • Possess sufficient knowledge in applications security so it is appropriately perceived by the client that you exude credibility and are the key decision maker
  • Select, build and lead a team to achieve and attain client satisfaction
  • Provide motivation, career development, and guidance to a team of consultants located primarily at client sites
  • Make hiring, termination, salary and promotion recommendations
  • Influence Synopsys' risk management efforts by providing business perspective and ensuring efforts permeate throughout risk management activities
  • Oversee the accuracy, completeness, and compliance to internal and external expectations of the project deliverables
  • 5+ years running a Security Consulting/Professional Services practice
  • 10+ years selling consulting services, with some experience selling security consulting services (preferably application security, but network, IT, etc. acceptable)
  • Prior P & L responsibility for minimum $2M budget
  • 10+ years managing and leading software engineering and/or security consulting teams and executing projects consistently & successfully
  • Confident, highly effective proven relationship builder
  • Proven ability to grow a practice 30-40% annually
  • Sufficient applications security knowledge to effectively communicate the value of our services to the client and translate that to revenue
  • Understanding of software development processes, technologies, architectures, and practices, and software risk management
  • Willingness to travel as needed (~ 35%)
  • Portfolio of relevant potential clients (financial services companies, etc.) is a plus
57

Senior Consultant, Application Security Resume Examples & Samples

  • Optiv maintains an international client base which allows us to locate consultants across the country and around the globe. However, if you would be willing to relocate to one of our preferred US locales we do offer relocation assistance
  • Able to demonstrate a comprehensive application testing methodology. This means that you can go off a work plan that covers A-Z in terms of potential issues. This can be a problem for people that are used to run tool->get results or hunt and peck style testing
  • Mobile application testing. You should understand the threat classes for mobile apps and preferably have performed assessments of mobile application on the iOS, WinPhone, and Android platforms
  • Threat Modeling and SDL processes, as per the MS guidelines
  • Secure SDLC for Agile / DevOps
  • SQL
  • Java
  • Swift
  • We don't have an official scripting language, but the team generally tends to work in Ruby or Python for project tools
  • Home appliance hacking (thermostat, washer/dryers, refrigerator, baby monitors, home security cameras)
  • Automotive - especially with Chevrolet’s heavy marketing towards the Wifi kid friendly car
58

Application Security Resume Examples & Samples

  • Demonstrated experience with Web Application and Infrastructure Penetration Testing
  • Expert knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
  • Experience with application security code review practices, methods, and guidelines such as OWASP Top Ten
  • Experience with HTML and JavaScript along with a solid understanding of the HTTP protocol
  • Knowledge of cloud-based infrastructures and how they affect security needs (familiarity with Azure is a plus)
  • Experience using vulnerability assessment tools/platforms such as Veracode, Burp Suite, Paros, Metasploit, and BackTrack/Kali
  • Experience assessing applications handling sensitive data related to PCI, SOX, HIPAA, etc
  • Bachelor's Degree in Computer Science, Management Information Sciences, Mathematics, Engineering, Business, or area of functional responsibility preferred, or a combination of equivalent education and experience
  • 6-8 years hands-on experience and demonstrated expertise with security platforms and tools such as firewalls, intrusion detection and prevention and penetration testing
  • Previous leadership in security architecture design initiatives
  • Knowledge of SQL and prior experience with programming in one or more server-side technologies such as PHP, ASP.Net etc
  • Understanding of malware such as worms, viruses, Trojans
  • Knowledge of cryptographic tools or security APIs
  • Experience using Agile software development
  • Experience with assessing applications with international data security/privacy requirements
  • Ability to effectively prioritize, delegate and execute tasks in a high-pressure environment
  • Excellent written, oral, and interpersonal communication skills
59

Senior Application Security Manager Resume Examples & Samples

  • Application Security - To ensure that application and product architecture, configuration, access controls, auditing and monitoring meet the Bank’s security requirements and comply with all applicable regulations
  • Database Management System Security - To ensure that Database Management Systems architecture, configuration, access controls, auditing and monitoring meet the Bank’s security requirements and comply with all applicable regulations
  • Security Liaison for Application Projects - Support project teams in defining security requirements at appropriate times within the development life cycle and to assist in the identification, testing and implementation of 'best practice' security solutions
  • Web Application Security - compliance, auditing, testing, web application pen tests, application configuration reviews etc
  • Security Assessments - conduct security assessments for web and other applications; communicating recommendations as it pertains to security threats, countermeasures, security tools, and network technologies
  • Secure coding - standards definition and monitoring of compliance with secure coding practices
  • Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them
  • Understanding of security frameworks (i.e. NIST, ISO 27001/2, COBIT)
  • Knowledge of European and North American legal and regulatory requirements
  • Experience with multiple languages such as Java, PHP, etc. and understand how to detect and mitigate related security issues and/or gaps
  • Ability to automate security assessment within the SDLC by using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques
  • Understanding of cryptographic processes such as key management, seeding, and PKI
  • Experience of securing operating systems (Linux (RedHat), AIX, HP-UX, Microsoft Windows (Server/Workstation)) and Active Directory
  • Experience with securing database management systems (Oracle and SQL Server)
  • Experience with securing application technologies (Generic application controls)
  • Experience with integration and application infrastructure software (eg Websphere Application Server, Websphere MQ)
  • Understanding of the business processes and associated risks enabled by the IT solutions (eg cash management, foreign exchange, money market, loans, trade finance, settlement, risk management, financial accounting and management reporting)
  • Ability to present effectively to different types of audiences
  • Ability to manage time and tasks effectively
  • Ability to articulate thoughts and recommendations both in written and verbal format to both IT staff and business staff
  • Ability to interact effectively within matrix management structures
60

Software Engineer, Application Security Resume Examples & Samples

  • Analyze application threats and vulnerabilities to determine security impact
  • Build technologies to detect and prevent application security vulnerabilities
  • Consult with development teams to ensure security is built into the application stack
  • Perform application level penetration testing
  • Convey complex technical information in a clear and concise manner
  • BA/BS in Computer Science or related discipline (recent graduate or Senior pursuing degree)
  • Elective courses or projects focused on Cyber Security are a plus
  • Knowledge of Core Web technologies: HTML, CSS, JavaScript, HTTP, SSL/TLS
  • Capable of understanding application vulnerabilities such as the OWASP Top 10 and recommending solutions
  • Strong development skills with a high degree of proficiency in at least one programming or scripting language
  • Ability to work on multiple projects at a time
61

Director, Application Security Resume Examples & Samples

  • Define and promote the best practices in secure development to the developer globally and continually refine the secure coding standards in conjunction with the development and architecture teams
  • Govern the implementation of application security program across MetLife globally. Collaborate with large group of stakeholders to maintain and improve the efficiency and effectiveness of the application security program which includes the continuous global delivery of multiple program components by directly and indirectly managed teams and third party providers
  • Manage and maintain a large scale application testing effort which includes internal resources, 3rd party vendors, processes and tools for servicing all of MetLife’s global applications. Continually refine the application security testing requirements, methodologies and workflow
  • Steer the remediation efforts of application vulnerabilities, providing guidance and coaching where necessary to development teams on the best approaches with vulnerability remediation activities
  • Provide visibility to the state of application security in the organization via metrics reporting and internal briefings, also to liaise with external/internal auditors on application security subjects
  • 10 years+ of experience in application security related areas with in-depth knowledge of managing resources and projects globally
  • Prior experience in a global multiple stakeholders environment is a requirement
  • Knowledge on the discovery of vulnerabilities in applications, including the technologies, methodologies and enterprise workflow to support the activities
  • Industry certifications such as GWEB, GWAPT, CSSLP, CISM strongly preferred
  • Advanced understanding of traditional software development lifecycles and more recent models of Agile and DevOps
  • In-depth technical knowledge on securing applications including the strategic and tactical fixes for common vulnerabilities and competent knowledge with industry standards in application security such as the SANS SWAT checklist and OWASP Top 10
  • Experience with IT process excellence and six sigma/lean certification preferred
62

Application Security Service Delivery Lead-plymouth Resume Examples & Samples

  • Predicts emerging application team needs and develops innovative service delivery solutions to meet them
  • Participates in the development of the ASM Application Security Testing team strategy
  • Translates highly complex concepts in ways that can be understood by a variety of audiences
  • Influences senior leadership to adopt new ideas, products, and/or approaches concerning application/network security
  • Act as the central intake for internal/external customer inquiries
  • Manage workflow and task priority for Application Security Test teams
  • Develops and maintains reporting metrics for Application Security Test team capacity and utilization
  • Define and implement Service Delivery workflows to optimize internal team operations
  • 3+ years of experience in the IT industry (system administration, software development, etc.)
  • Knowledge of security testing methodologies
  • Experience/understanding of OWASP
  • Ability to solve problems independently
  • CISSP, CEH, GIAC and/or other Security-related Certification
  • Demonstrated collaboration skills
  • Demonstrate understanding of the relationship between security policies/standards and other control mechanisms
  • Define/implement exceptions to established security policies and controls in order to meet business requirements, as appropriate
63

Senior Engineer, Application Security Resume Examples & Samples

  • Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing
  • Standards and Policies - Maintains and contributes to Application Development Security Policies and standards
  • Secure Design – Establishes security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases
  • Tool Management – Implements and maintains cutting-edge technology to assess application and infrastructure security using static code analyzers, dynamic testing tools and vulnerability scanners
  • Developer Education – Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities
  • Documenting and effectively publishing technology guidance and repeatable processes
  • Mentoring peers in groups and individually
  • Improving processes and introducing superior technology
  • Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices
  • University degree in Computer Science, Engineering, MIS, CIS, or related discipline
  • Hands-on experience with Systems Administration and/or IP Networking
  • Software engineering experience in Java, C++, and/or related languages
  • Experience in an exchange, trading facility, or financial services
64

Application Security L Imts Technical Lead Blr Resume Examples & Samples

  • Good understanding of secure software development lifecycle processes across technologies
  • Dot Net and Java knowledge / experience
  • Good communication skills and ability to assist customers and internal teams in defining and responding to RFPs / RFIs
65

AWS Application Security TPM Resume Examples & Samples

  • Bachelor's Degree in Computer Science or related field. In lieu of degree, additional years of experience may be substituted
  • Prior working experience in a Software Development Team
  • Experience working with stakeholders across many functions
  • Experience interpreting and communicating analytics
  • Security architecture experience within a professional services firm or similar environment
66

Web Application Security Internship Resume Examples & Samples

  • Experience with OWASP and CWE
  • GPA 3.3 or higher
  • Any of the following certifications: CISSP, CEH, GPEN or equivalent
  • 3DS is committed to a policy of non-discrimination and equal opportunity for all employees and qualified applicants without regard to race, color, religion, gender, sex (including pregnancy, childbirth or medical or common conditions related to pregnancy or childbirth), sexual orientation, gender identity, gender expression, marital status, familial status, national origin, ancestry, age (40 and above), disability, veteran status, military service, application for military service, genetic information, receipt of free medical care, or any other characteristic protected under applicable law. 3DS will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law
67

Application Security Senior Specialist Resume Examples & Samples

  • Understanding of security environment across multiple disciplines for applications
  • Developing an execution strategy to protect the IT assets of the firm from external threats
  • Understanding of products and service offerings in the application development area that analyze potential security weaknesses or vulnerabilities in application code
  • Writing, communicating, facilitating, and presenting technical and financial data to and/or for all levels of industry audiences, internal staff and management
  • Understanding of vulnerabilities and sources of threats, results of risk assessments, and current security state to translate these into complete threat and vulnerability management solutions
  • Leading, developing and maintaining processes to enhance organizational effectiveness
  • Leading Application Security Services and providing direction to direct and lead virtual teams
  • Developing and strengthening relationships outside the functional team, focusing on understanding the needs of those who depend on the team’s services and those who deliver services on which the team depends
  • Understanding in engagement management and reporting including project planning, budgeting and tracking engagement progress
68

ERS Consultant / Am-application Security Resume Examples & Samples

  • Experience in information security and application security controls
  • Should have played a lead role in client engagements (global exposure) and should be delivery focused
  • Exposure to BFSI domain
  • Information Security Audit
  • Penetration Testing - Network, Host, Applications (Ethical Hacking)
  • Vulnerability Assessments - Network, Host, Applications
  • Security in SDLC (Application Security)
  • Operating System and Application Hardening
  • System security and controls, including
  • Firewall design and implementation (NOT Administration)
  • Encryption technology design and Implementation
  • Network configuration and administration
  • Security auditing techniques
  • Technologies like IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun Net Manage, Cisco Works, Radius, Big Brother, F5
  • Strong experience in designing and deploying Security Incident and Event Management (SIEM) solutions (ArcSight)
  • Experience with content filters, Encryption solutions (RSA)
  • Team Management skills
69

Application Security Risk Manager Resume Examples & Samples

  • Drive the comprehensive and successful execution of the organization’s cybersecurity risk management program in an efficient and effective manner
  • Manage, maintain, and enhance the organization’s Governance, Risk and Compliance (GRC) infrastructure
  • Manage the Risk Register
  • Oversee and collect, assess, investigate, triage, prioritize, track, verify, and promote the timely resolution of security risks, in accordance with organizational policy
  • Establish an effective approach to collaborating and communicating risk with business and technical stakeholders to ensure that risks are clearly characterized, effective remediation plans are established, remediation milestones are met, and risk acceptance processes are appropriately followed
  • Success requires an understanding of the processes used and challenges faced by those directly responsible for remediating risks, and the ability to effectively negotiate and collaborate with those teams to establish mutually acceptable timelines and then ensure those milestones are met
  • Manage and operate the third-party risk management program, including collecting and reviewing information and artifacts from third-parties, analyzing risks, presenting findings to FINRA business teams, and supporting negotiation of any necessary contract security provisions
  • Oversee the correlation and analysis of security data, such as vulnerability and threat service feeds, security tool output, and configuration management system data, to identify, evaluate, and prioritize remediation of potential risks
  • Oversee IT Security Compliance of selected systems with FISMA, NIST SP800-53, PCI-DSS, and DOJ CJIS
  • Benchmark risk management practices of comparable organizations, monitor the legal and regulatory environment, and manage the FINRA Risk Management program to appropriately incorporate best practices and relevant regulatory requirements
  • Generate metrics that drive management and minimization of overall portfolio risk
  • Report regularly on risk management status, trends, and opportunities for reducing risk
  • Oversee preparation and delivery of written and verbal communications in a professional and persuasive manner
  • This may include security assessment reports, status reports, training briefings, etc
  • Manage security services vendors, such as penetration testing services, including the RFP process, vendor evaluation/selection, contract negotiation, and execution management
  • Supervise a small team of risk and compliance analysts
  • Participate in, and support initiatives as directed by departmental management
  • Bachelor’s degree with a focus on IT or IT-risk-related disciplines (e.g. security, privacy, compliance) and seven years of related experience; past financial services industry experience a plus
  • CRISC or a similar risk management certification is a plus. CTPRP is also a plus
  • Five years’ Advanced degree may be considered to partially meet this experience requirement
  • Managing the IT Security risk register for a distributed mid-size organization with dozens of stakeholders
  • Implementing and administering a third-party/vendor risk management program handling on the order of a hundred vendors
  • Solving problems through effective collaboration and development of effective working relationships across business and technical teams
  • Success as a persuasive negotiator, to reach consensus on differing views of risk and to facilitate commitment on remediation strategies, milestones, and risk acceptance where appropriate
  • A solid understanding of the nature of IT risks across multiple IT disciplines (e.g. systems and servers, desktops, network, software development, cloud, etc.)
  • The use of tools such as Excel to analyze and aggregate risk data
  • Strong written and verbal communication skills with the ability to communicate in a compelling manner with business and technical stakeholders in one-on-one as well as group presentations
  • A strong attention to detail; well organized and thorough
  • Successful handling of competing priorities
  • Excellent planning skills
  • Experience with the following is a plus
  • Managing compliance with FISMA, NIST SP800-53, PCI-DSS, and DOJ CJIS
  • Rsam GRC Platform
  • The Shared Assessments third-party risk management methodology. Also third party risk management solution providers (e.g. Prevalent.)
70

BA, Application Security Resume Examples & Samples

  • Reduction in cost base; on-going efficiency improvements; greater process standardization
  • Market-driven agenda with focus on growth priorities
  • Outstanding service & customer satisfaction
  • Stronger compliance and controls
  • Providing input into architecture security policies, standards and procedures
  • Partnering with service delivery teams to create the application, data and technology designs from a security perspective for new services and capabilities
71

Application Security Assessment Specialist Resume Examples & Samples

  • Application security solutions and Web hosting architecture and principles
  • Common networking protocols and services and their relevant security issues
  • Risk assessment/acceptance factors that can affect business and security decisions
  • Business processes and drivers that can affect system design
  • Analyzing application security vulnerability and executing process
  • Using assessments of vulnerabilities and sources of threats and current security guidance
  • Collaborating with teams to identify opportunities and provide recommendations on how application security can be built into project development
  • Interacting with project management team members and vendors on application projects
  • Reviewing application threat vulnerability assessments on application development projects
  • Implementing strategy for application threat vulnerability review and remediation
  • Identifying and documenting complex business cases to assist in gaining internal support to implement security solutions
  • Monitoring vendor application development processes
72

Rohq-riso-application Security Regional Program Lead Resume Examples & Samples

  • Ownership and development of mechanisms to ensure that sectors take full ownership of their portion of the program
  • Clear and thoughtful management and a regular exchange of technical information at the global level to support the program's overall management and direction
  • Lead coordinated activities in all sectors and ensure the collection and dissemination of data/metrics in a timely manner
  • Work with Sectors in an advisory manner
  • Primary issue management lead - follow up and regular escalation
  • Exception Process point person
  • Monitoring and tracking of issues and threats at a global level
  • Work closely with the Vulnerability Assessments team and with different business sectors within Citi to raise awareness on Application Security and implement an end-to-end Secure SDLC program within the region
  • 7+ years work experience in Program/Project Management, Information Security and Controls
  • In depth Application Development (SDLC) knowledge or work experience
  • Experience in Information Security including Application Security
  • Good knowledge of programming frameworks (e.g. J2EE and .NET) as well as familiarity with client server and web application technology implementation and integration
  • Good knowledge of development methodologies (e.g. Agile, Waterfall, etc.)
  • Familiarity with development tools and processes, including Application Lifecycle Management, Integrated Development Environment and Build Engines
  • Be able to drive and advance the state of the Secure SDLC Program within Citigroup regionally
  • Exposure/familiarization of various Information Security Programs, Policies, Standards governing Information Security within Citi, including Regulatory Compliance from various Asia Pacific regulators
  • Relevant professional training and/or certification (CISSP, CSSLP, CISA, SANS)
  • Strong background in risk and threat assessment methodologies
  • Experience in deploying and managing a security software assurance program is a plus
  • Excellent organizational, analytical, leadership, verbal and written communication skills are essential
  • Strong risk analysis and problem solving skills needed
  • Must be a forward thinker
73

Application Security Lifecycle Specialist Resume Examples & Samples

  • Develops an introductory awareness of a subset of application threats and trends
  • Research in application security
  • Establishes a basic understanding of current events and standards in the security community
  • Applies knowledge of application security testing tools, practices and validation methodologies
  • Applies basic understanding of security controls in accordance with business requirements
  • Will support general application security engagements to assist in improving security
  • Technical bachelor's degree and typically 2 or more years' related work experience or a Master's degree or an equivalent combination of education and experience. A technical degree is defined as any four year degree, or greater, in a mathematic, scientific or information technology field of study
  • Must understand full stack application development
  • 1+ years of application software development experience on an enterprise system
  • Web services/mobile software development experience
  • More than 1 year of experience performing programming and coding
  • Current or previous years of security development experience
  • Experience with operating system security and/or application security
74

Implementation of the Application Security Under Unix Resume Examples & Samples

  • Experience with the security of UNIX (SLES, RedHat, HPUX, Solaris) operating systems
  • Experience in applying information security best practices and principles
  • Knowledge of the principles of security
  • Scripting knowledge (bash, ksh, sh, perl, etc.)
  • Knowledge of the security of the Windows operating systems (2008/2012) is an asset
  • Experience working in a large company
  • Teamwork, autonomy, managing time and priorities, work under pressure
75

Implementation of the Application Security on Windows Resume Examples & Samples

  • Experience with security on Windows 2008/2012 platforms (Active Directory, GPO)
  • Experience in applying information and communications security best practices
  • Knowledge of security software (CyberArk, Tripwire, RSA, Microsoft PKI)
  • Knowledge of cryptography
  • Knowledge of the security of Unix operating systems (SLES, RedHat, HPUX, Solaris) is an asset
  • PowerShell knowledge is an asset
  • Relevant experience totaling more than 8 years
  • Knowledge of the processes of ITIL (change, incident, and problem)
76

Principal Application Security Engineer Resume Examples & Samples

  • Web application security assessments (XSS, CSRF, SQL-Injections, etc. via manual testing)
  • Web vulnerability scans
  • Asset identification, network discovery, and software inventory
  • Identification of misconfigured software
  • Assessments of patching program effectiveness
  • Participation in incident response and remediation efforts
  • Analysis of hacking, penetration and defense threats
  • Maintenance of relevant exploit databases
  • Infrastructure assessments, pen-testing and vulnerability assessment
  • BS degree in computer science, related discipline or equivalent experience
  • Minimum of 5+ years of relevant experience, additional years a plus
  • Thorough understanding of Networking Protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
  • Hands-on experience using a major Enterprise Web Scanning Tool: e.g., HP WebInspect and/or IBM AppScan, WebInspect, Acunetix, NTO Spider etc.
  • Familiarity with one major SAST tool or service (Veracode and/or HP Fortify)
  • Familiar with vulnerability assessment, confirmation, and validation tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques
  • Complete familiarity with the Open Web Application Security Project (OWASP)
  • Some experience with Code reviews of Perl, Python, Ruby, Java, HTML, CSS, ASP, ASP.NET, Cold Fusion, Oracle, T-SQL, SQL and other languages and identification of code logic flaws
  • Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
  • Familiar with host and vulnerability discovery strategies, processes, and best practices
  • Familiar with, and have pen-testing experience against, Windows, Linux, OSX, and mobile platform environments
  • Familiar with, and have pen-testing experience against, common network topologies and implementations (e.g., Infrastructure, DMZs, Zones, Wireless, etc.)
  • Familiar with Network scanning (e.g. Qualys, Nexpose, Saint, Rapid7 etc.)
  • Prior programming experience
  • Familiar with common security implementations and their associated gaps (e.g., Active Directory, OpenLDAP, Centralized DNS, PKI, SSL, SAML, OAuth, REST, SSO, OpenID 2.0/OpenID Connect etc.)
  • Experience with Cold Fusion, PHP, ASP.NET, VB 6, VB.NET, T-SQL, Postgres, PL/SQL/MySQL, HTML, jQuery, JavaScript and AJAX
  • Familiar with network penetration testing tools, processes, methodologies, and strategies
  • Familiar with security exercise tools, processes, methodologies, and strategies
  • Certified Ethical Hacker (CEH), Licensed Penetration Tester (LPT), CISSP, or related certifications a plus
77

Application Security Assessment Associate Manager Resume Examples & Samples

  • Lead application assessment resources conducting security assessments targeting mobile and web applications
  • Lead new security initiatives including creation of new assessment frameworks based on the business needs
  • Manage remote resources conducting security assessments and providing reviews on final deliverables
  • Conduct application assessments using customized work plan to address key risks of the engagement
  • Set assessment scope for new solutions acquired by Accenture
  • Identify assessment findings and recommend remediation
  • Train security resources on conducting application and cloud assessments
  • Track and confirm closure of findings
  • Minimum of 5 years hands-on application Security Assessment experience (i.e. assessment review, technical checks, automated scans, checking for policy violations and code vulnerability, etc.)
  • Minimum of 2 years’ experience with conducting hosting assessments
  • Strong understanding of the application development life cycle
  • CISA or CISSP certification
  • Ethical hacker certification
  • Excellent leadership and interpersonal skills
78

Application Security Assessments Lead Resume Examples & Samples

  • Bachelors in computer science
  • 8+ years of experience in application development
  • One or more security certifications
  • Technical depth and expertise in application security technologies
  • Deep knowledge of application security threats
  • Experience with SW security threat vectors, threat modeling, attack surface analysis, penetration testing and vulnerability assessments
  • Background in system design
  • Strong knowledge in database design
  • Strong written, verbal communication skills
  • Ability to translate complex technical topics for non technical personnel and senior leadership
79

Technical Architect, Application Security Resume Examples & Samples

  • Drive key architecture in the areas of overall application security
  • Provide security requirements and design input for implementing Application Security solutions and drive compliance to best practices
  • Maintain related policies and procedures to ensure alignment with applicable regulations and industry standard best practices
  • Responsible for creation/design of security architecture solution in collaboration with other departments including Enterprise Architecture to provide expert application security architecture analysis & support
  • Perform Application Security risk assessments
  • Participate in security code review across a variety of programming languages
  • Participate in security testing process. Identify and remediate security bugs across platforms, perform periodic penetration tests, confirm and prioritize remediation of discovered security vulnerabilities
  • Coordinate third party testing engagements
  • Recommend secure Software Development Lifecycle (SDLC) process improvements
  • Coordinate development and delivery of application security education, best practices and awareness to SDLC stakeholders
  • Support SDLC documentation
  • Executive/consultative communication skills, very strong analytical and troubleshooting abilities
  • Strong working knowledge of and proven ability to rationalize/implement industry standard best practices, architectures, tools, processes and regulations
  • Understand business drivers and integrate these requirements into overall application security architecture and design
  • Effectively communicate security objectives to development, product teams, and third parties
  • 10 years of relevant experience
  • Proficient in Java programming including Java Servlets, JSP, J2EE, Spring
  • J2EE applications and infrastructure, IBM WebSphere Application Server, WebSphere Portal, BEA Weblogic solutions
  • Familiarity with application frameworks and their built-in security services and API's (i.e., Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
  • Subject matter expert in the area of security architecture design and principles including confidentiality, integrity, availability and cloud solutions
  • Subject matter expert of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (e.g. OWASP)
  • Proficient with application authentication and authorization systems (i.e., CA SiteMinder, RSA SecurID/ACE, MS Active Directory and LDAP)
  • Knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)
  • Proficient understanding of network and data communications technologies
  • Application security analysis & design
  • Security reviews
  • Experience with application security source code reviews and review assessments
  • Certificates or Licenses: Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, MCSE, CCNP)
80

Application Security Solution Senior Manager Resume Examples & Samples

  • Collaborating with system delivery teams to communicate security architecture impact on platforms and systems
  • Creating and maintaining strategic business relationships
  • Working across functions to define security architecture standards while applying enterprise vision and governance
  • Establishing recommendations that define the strategy of the firm's security architecture driving its execution by working closely with security architects and PwC IT
  • Providing input and contributing to software platform definition, maintenance and evolution
81

Application Security Technical Lead Resume Examples & Samples

  • Provide security assurance for essential GBS portfolio projects and manage the security assurance portfolio tracker
  • Provide strategy and oversight for a comprehensive security testing program (vulnerability management, application scanning, & penetration testing) for critical applications
  • Mobilize and activate risk mitigation programs
  • Ensure least privilege application access to new applications based on principles in the Role Design Standard and Role to Position Mapping
  • Develop, maintain, and apply secure coding practices
82

Application Security Development Analyst Resume Examples & Samples

  • Stay updated on the development around data privacy and information risk
  • Risk management, provide security guidance to the company including IT colleagues
  • Support and actively drive remediating activities
  • Represent market application in ensuring security is continuously updated
  • Participate in information security audits
  • Coordination of external partners involved in relevant activities
  • Lead data privacy dialogues and represent the Market Application Services team
  • Document and maintain technical solution requirements for security aspects
  • Coach application teams on “built-in” information security
  • Experience in different programming languages
  • Quality oriented with high documentation and presentation skills
  • Ability to act and take decisions based on risk evaluation. Balancing risk acceptance with putting clear requirements on the SCA organization including IT colleagues
  • A team-player who is self-motivated with a positive attitude
  • More than 3 years of experience with exposure to security relevant topics, preferable in the application development area
83

IT Consultant, Application Security Resume Examples & Samples

  • Broad Information Security knowledge, covering the security domains within the scope of ISO 27001
  • Education to degree level in IT related discipline, or equivalent experience
  • 5 years of experience in Information Security, Threat and Vulnerability Management, or Risk Management
  • CISSP, SANS GIAC Certifications (e.g., GMOB, GPEN, GWAPT, GSNA), and/or CEH
  • Background in more than one of the following: vulnerability management, incident response, security assessments, web / mobile application coding, secure code review, application security concepts (input validation, HTML encoding, parameterized queries), application penetration testing, manual ethical hacking
  • Understands information security risks, preventive measures, incident management, and threat management at a high level
  • Familiarity with intercept proxy tools such as Paros, WebScarab and Burp
  • Familiarity with Open Web Application Security Project (OWASP) Top Ten (for web and mobile), Web Application Security Consortium (WASC) Threat Classification, and CWE/SANS Top 25 Most Dangerous Programming Errors
  • Familiarity with web and mobile application testing tools such as WebInspect, AppScan, Acunetix, Rapid7, Qualys, SamuraiWTF
  • Experience detecting security issues such as Cross Site Scripting, SQL Injection, Parameter Manipulation, Forceful Browsing, Privilege Escalation, etc
  • Familiarity with XML, SOAP, and Ajax
  • Understanding of Lean Sigma principles and ITIL
  • Perform automated vulnerability scanning of web and mobile applications. Review scan output, identify and eliminate false positives using manual testing techniques. Prioritize response to vulnerabilities to ensure GSK's web and mobile applications and data are protected
  • Advise and negotiate with global customers and third party developers to explain complicated application security issues and potential business impacts to developers, project leads, and business customers and recommend suitable mitigation approaches
  • Influence third party testing vendor to address service issues and implement improvement opportunities
  • Manage relationships and communications with central services, business unit and local IT staff
  • Analyze discovered vulnerabilities within the web and mobile applications and, based on data sensitivity and application criticality, assign risk score and work with application owner to drive remediation
  • Actively contribute to information security projects
  • Deliver training and awareness in conjunction with senior staff
  • Maintain excellent customer engagement and relationships, listening to voice of the customer and fostering a customer-centric environment where process and service improvement is in-built
  • Assist in design of processes, procedures and services to support the work of the AHDS group
  • Monitor service metrics, identify gaps and propose improvements
  • Manage relationships and communication with third party security testing partners
  • Assist with developing and reviewing new security architectures, strategies, standards and proposals
  • Demonstrate solid domain competency in the field of information security, including information security principles, technology and tactics
  • Provide recommendations to AHDS LT and InfoProtect project, on further improvements in the area of application security space based on ongoing review of internal processes and services
84

Developer Security Trainings & Application Security Control Library Resume Examples & Samples

  • You are extending the Security Architecture, Training & Consulting team and are contributing to secure SDL by working on security trainings and Application Security Control library
  • You are part of the team defining and implementing the Application Security Control library to support SAP’s development to build and run secure products and cloud services
  • You are quickly taking over responsibility for our joint efforts and consult development and operations teams about secure SDL and Product Standard Security
  • University degree (Bachelor or Master) in Information Technology, Computer Science, Engineering, Mathematics, Natural Science or a related discipline
  • Good programming skills in one or more programming languages
  • Strong analytical and logical skills
  • Ability to work in an international team
  • Preferred skills
  • Interest and optionally already knowledge in the areas of software security and/or cryptography
  • Hacker mindset, security risk awareness and security know-how
  • Understanding of Cloud and Cloud Technologies
  • 1+ years of professional experience in the area of software development
85

Expert, Application Security Resume Examples & Samples

  • Define application security best practices and continually refine the security requirements and coding standards in conjunction with multiple stakeholders including business, security and architecture teams
  • Identify application security requirements and assist stakeholders in integrating them into the development lifecycles
  • Manage and maintain application security testing effort of enterprise applications
  • Provide continuous visibility on the application security program to the information security leadership
  • Collaborate with large group of stakeholders to maintain and improve the efficiency and effectiveness of the application security program
  • Strong interpersonal skills and ability to articulate technology controls into business context
  • Demonstrated knowledge of latest application security techniques and technologies
  • Strong understanding on integration of security into traditional waterfall and advanced application development models (e.g. Agile, DevOps)
  • Strong understanding of secure coding, application penetration testing and security activities
  • Technical knowledge on securing applications including the strategic and tactical fixes for common vulnerabilities and knowledge on leading application security industry standards such as SANS and OWASP
  • Experience in driving application security remediation at enterprise scale with diverse stakeholders
  • Prior experience in secure development lifecycle, threat risk assessments and threat modelling exercises
  • Strong multi-tasking capabilities with attention to detail and the ability to dive deeply into issues
  • Industry certifications such as CISSP, CSSLP, GWEB, GWAPT preferred
86

Application Security Assessment Senior Analyst Resume Examples & Samples

  • Work directly with application teams to schedule and conduct assessments
  • Conducts manual tests and security reviews of web application and mobile applications
  • Conducts web and code analysis scans utilizing an automated scanner
  • Draft assessment report and publish to upper level executives
  • Travel on a limited basis
  • Assessors will work as part of a globally distributed team, and service globally distributed client engagements
  • Minimum of 3 years of experience conducting Application Security Assessments
  • Minimum of 3 years of Data Analytics experience i.e. Building dashboards and performing analytics using Qlik
  • SAP Technical auditing
  • Expert knowledge of Analytics, Excel, Statistics a plus
  • Python or SQL scripting and text manipulation a plus
  • Knowledge of RSA Archer eGRC and risk reporting concepts a plus
  • Needs analytical and logical thinking, plus strong communication skills
  • Application Assessments: Work directly with application teams to schedule and conduct assessments, conducts manual tests and security reviews of web application and mobile applications
  • Conduct the assessment using a customized work plan to address key risks of the engagement. Conduct web and code analysis scans utilizing an automated scanner
  • A “self-starter” capable of autonomous working, direction and goal setting; self-motivated
87

Software Engineer, Application Security Resume Examples & Samples

  • Teaching your coworkers about security best practices
  • Running multi-tier or distributed web applications at scale
  • Developing or attacking mobile apps on Android or iOS
  • Helping developers identify and fix common vulnerabilities (e.g. OWASP Top 10 or SANS Top 25)
  • Automating static and dynamic security testing as part of your CI pipeline
  • Deploying CSP and/or HPKP in production on a popular website
  • Amazon Web Services (AWS) or another cloud infrastructure provider
88

Application Security Requirements & Design Lead Resume Examples & Samples

  • Provide technical leadership and guidance in appropriately securing business applications owned, used, and provided by the firm
  • Collaborating with business and technology partners to understand the firm’s business goals, use of application development processes and related tools
  • Drive application security design principles and requirements processes to enhance the firm’s ability to streamline software delivery
  • Assessing secure development approaches, requirements, and evaluating existing solutions and providing strategic direction towards enhancements
  • Enhance current inventory of security features and libraries
  • Continuously enhance the security standards based upon existing and emerging technologies and threats, translating the standards into requirements and solutions
  • Create a global inventory of common security reusable components, defining a new program for identifying, managing, adopting and maintain them
  • Create a capability to identify, assess and solve difficult security design problems
  • Identify best practices and solutions to establish approved security features and frameworks
  • Drive automation of cyber processes and tools that impact the software development lifecycle in collaboration with the firm development office
  • Providing support in guiding business and technology partners on application security
  • Sharing of information about secure system development practices, risks, and interpretation of industry standards within the firm, and externally as a representative of the firm
89

Application Security Risk Manager Resume Examples & Samples

  • Provide thought leadership and offer innovative ideas and solutions to resolve systemic controls deficiencies
  • Lead and participate in cross Line of Business working groups and committees to review and approve proposed processes and controls and support presentations to various leadership groups
  • Provide guidance in appropriately securing business applications owned, used, and provided by the firm
  • Manage firm’s application security controls and requirements for emerging technologies such as Cloud
  • Provide subject matter expertise and governance on information security standards and control procedures
  • Liaise with Line of Business (LOB) cyber leads, risk managers, and other internal JPMC teams to maintain and enhance information security management program and to improve the firm’s overall risk posture
  • Responsible for managing, coaching and mentoring Cybersecurity professionals
  • 7+ years program management and process management experience
  • Proficient knowledge of secure SDLC and application security concepts
  • Knowledge of application development & deployment strategies and concepts
90

Application Security Secure SDLC Manager, VP Resume Examples & Samples

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Third-party Software Component Analysis (SCA)
  • Deep experience building out and managing enterprise-wide Secure SDLC controls such as SAST, DAST or SCA
  • Familiar with application security tools such as Veracode SAST, Qualys WAS, Sonatype or Contrast
  • Familiar with regulations such as PCI, SOX, and GLBA
  • Relevant certification is not required but a plus such as CSSLP, GIAC-GSSP-JAVA, GIAC-GSSP-NET, GIAC-Web, CEH or CISSP
  • Soft Skills Qualifications
  • High Standards – passion to create a best in class program with relentless drive for continuous improvement of people, process and technology
  • Communication – ability to present verbally and orally to business and technical staff in a clear and engaging method
  • Strategic – able to absorb and analyze information that allows you to make better future decisions
  • Executing – able to make things happen and get things done
  • Management – directs, controls and prioritizes work effectively and efficiently
  • Teamwork – thrives on collective wins
91

Application Security DNA Software Engineer Resume Examples & Samples

  • Self-starting, focussed on delivery
  • Desire to work with, and influence, other teams
  • Security awareness, including web application security awareness
  • Java, Python, or C#
92

Web Application Security Assessments Technical Lead Resume Examples & Samples

  • Conducting web, mobile, and application security assessments, and penetration tests. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools
  • Mentoring junior team members
  • Bachelor Degree in Computer Science, Mathematics, Engineering or other STEM area of study preferred
  • Proven understanding of Software Security Architecture and Design
  • 7+ years of professional experience
  • 5-7 years of experience developing and securing web applications
  • Proven experience with vulnerability assessment tools such as QualysGuard, Fortify Source Code Analyzer, WebInspect, Burp, etc
  • Experience implementing controls for web and mobile applications
93

Security Consultant, Application Security Resume Examples & Samples

  • Gray box application testing. Our normal app assessment approach is a full-knowledge gray box style where we have access to docs, source, a functioning app, and control of the environment. We do also perform straight code reviews or black box testing and all consultants need to be comfortable with both. Basically you need to be able to take advantage of those resources, when present, and not be hamstrung when they are not available
  • Code review and static analysis. You should know how to approach a large code review and be experienced with current static analysis tools. You should be able to look at a codebase and prioritize code for top-down as well as create signatures for components that aren’t covered with the base toolset
  • AngularJS
  • Objective-C
  • .Net (C#/Net), Java, Ruby, PHP, Python, along with common dev frameworks such as Spring Core/Boot/MVC, Hibernate, JSF/JSP, Ruby On Rails, Sinatra, Entity Framework, WCF
  • Consulting skills. This is a consulting position, which means you will have to talk to people at some point and wear a nice shirt once in a while. We understand that security folks can be weird at times and we generally like weird at Optiv but you have to be able to rein it in when working with the clients
  • Platform-wise we are a Mac shop
  • Bypass GeoLocation services, mainly used for on-line gaming / gambling
94

Application Security SME / Security Engineer Resume Examples & Samples

  • Must understand application security, including mitigating threats (e.g. Denial of Service, Brute Force, Buffer Overflows, Input Validation, etc.)
  • Support technical team with code review in relation to application service pack releases
  • Participate in requirements reviews, environments compliance support to ensure security best practices are included in the builds
  • Participate in architecture reviews, change control board reviews, and assist with validation of CCB approved changes
  • Perform application vulnerability assessments, security control validations, document and track findings to closure
  • Analyze application vulnerability findings and POA&Ms to provide recommendations and assist with implementation of changes
  • Hands on experience with AWS Cloud Platforms and products
  • Open Source security tools
  • Experience working with Tenable Nessus, McAfee Security Scanner for Databases, WebInspect, Core Impact or similar
  • Experience with search engines (e.g. Elasticsearch), database systems (Oracle and PostgreSQL)
  • Industry Static content experience (Alfresco, Solr or similar)
95

Director, Application Security Resume Examples & Samples

  • Bachelor's Degree or higher in Computer Science preferred
  • 5 years experience with implementing successful and effective SDLC program with high level of automation
  • Experience with ServiceNow's platform and applications is preferred
  • Security +, GSEC, CISSP certifications are strongly desired
  • Familiarity with industry standards and regulations including SOC, ISO27001, and FedRAMP is desired
  • Experience performing Threat Modeling and integrating threat modeling practices into the product life cycle
  • Direct experience coding in either the ServiceNow platform or one or more of the following languages: JavaScript, Java, Python, AngularJS or strong knowledge of frontend development frameworks
  • Experience in performing architecture and source code reviews for Security issues
  • Advanced knowledge and experience in penetration testing of custom web applications, complex cloud environments and web services (REST & SOAP)
  • In-depth experience with common web application vulnerabilities, such as the OWASP Top 10, and business logic flaws. Ability to explain all vulnerabilities and weaknesses and discuss effective defensive techniques
  • Experience with application vulnerability scanning products
  • Ability to produce effective metrics reporting the state of application security programs
  • Excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical
96

DevSecOps Application Security & Threat Modeling Specialist Resume Examples & Samples

  • Create execution strategies that focus on embedding security controls into existing developer and tester practices and methodologies to enhance effectiveness
  • Manage a diverse organization of technologists focused on defining intelligence led enabling solutions
  • Provide senior level updates to various Operating Committees
  • Responsible for coaching and mentoring Cybersecurity professionals
  • 5+ years of experience in application security and secure systems development lifecycles
  • Security Design Reviews or Architecture Risk Analysis
  • Threat Model Patterns for applications and business processes
  • Identifying emerging risks and vulnerabilities beyond the common OWASP, NIST, SANS inventories
  • System software and organizational design standards, policies, and authorized approaches (e.g., ISO) relating to system/application design
  • Software design tools, methods, and techniques
  • 3+ years of experience in application development, architecture or engineering
  • Bachelor’s degree in Computer Science, Computer Engineering, or related field required
  • Direct involvement in application security assurance programs
  • Experience with developing & supporting application security strategy, architecture, and standards
  • Solid understanding of application security enabling technologies across the development lifecycle
  • Skilled in Threat Model methodologies and approaches such as STRIDE, Attack Trees
  • Certifications such as CISSP, CSSLP, Cloud Architect – highly desirable
  • Ability to resolve conflict in a collaborative manner
  • Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with senior level peers across the firm
97

Senior Analyst Application Security Resume Examples & Samples

  • Review raw code of critical applications for vulnerabilities
  • Conduct and manage application security testing
  • Act as the key resource for development teams in the remediation of vulnerabilities discovered by Vulnerability Management, Application Security, or outside vendors
  • Provide consultation services to development organizations and business units in the ideation phase to ensure secure application design
  • Conduct proactive risk assessments of existing applications to identify new and novel vulnerabilities previously unknown
  • Build simple and usable code artifacts that can be used in library form by many development teams
  • Any combination of equivalent education, work experience, and formal training that allows the candidate to meet the requirements of the position
  • Ability to offer reasonable remediation solutions to problems created by insecure code
  • Technical writing and documentation
  • Good understanding of Information Security standards, frameworks, and best practices (e.g., OWASP)
  • Demonstrable experience with at least two of the following development languages: .Net, C#, Java, PHP, Objective-C, SQL, SOAP, REST, custom API, SAML, Python, Go, Swift
  • Experience with at least one code security review tool: Fortify, WebInspect, Burp, AppScan
  • Understanding and awareness of documentation required in a secure software development lifecycle
  • Experience working with agile development groups
98

Application Security Manager, VP Resume Examples & Samples

  • Subject matter expertise in application security
  • Familiar in .NET or Java
  • Familiar with IDEs such as Visual Studio, Eclipse or IntelliJ IDEA
  • Familiar with defect management systems such as Jira or Visual Studio Team Foundation Server
  • Familiar with build systems such as Jenkins, Maven or Visual Studio Team Services
  • Familiar with regulations such as PCI, SOX, FFIEC or GLBA
99

Director Application Security Lifecycle Resume Examples & Samples

  • Bachelor’s Degree in Computer Science or similar field of study; advanced degree preferred
  • Relevant professional certification preferred
  • Five or more years of application security experience in a fast-paced, agile environment
  • Five or more years of software development experience across web, mobile, and API
  • Expert knowledge in building tools and/or processes to reliably identify security issues and business logic flaws (SAST, DAST, IAST, BDD, etc)
  • Expert knowledge in browser security controls, application security topics such as OWASP Top 10, and authentication infrastructure
  • Knowledge of and experience in application security program frameworks like OWASP SAMM and BSIMM
  • Knowledge of and experience in DevOps methods and principles
  • Strategy development and strong technical leadership experience
  • Track record of innovation, results, and ability to collaborate and affect change across functions
  • Demonstrated management and leadership experience with teams of 10 people or more
  • Proven ability to coordinate with geographically dispersed teams to drive results
  • Ability to communicate complex technical topics and facilitate discussions with business and technology leaders and peers
  • Ability to design, implement, and operate processes and methodologies in a manner that effectively supports business and information security objectives
  • Strong written and verbal communication, interpersonal, presentation, and negotiation skills
  • Demonstrated collaboration skills along with the ability to influence without authority
100

Senior Manager, Application Security Resume Examples & Samples

  • Provide overall strategic direction of the security team as well as lead the day-to-day application security operations, policies, architecture and governance
  • Attract, lead and continually develop a team of high performing security professionals
  • Develop a strategic roadmap for applications to implement security enhancements
  • Develop and lead an aggressive enterprise application security agenda/program and execute across all development teams and business lines
  • Identify methods to ensure secure-coding activities are consistently incorporated into all releases
  • Execute key tasks and projects ensuring that key goals and timelines are met
  • Collaborate across multiple development and business teams to drive change throughout the organization
  • Interact with internal and external clients and executive level management on topics related to application security
  • Partner with the IT Governance and Compliance department to ensure the development, compliance, and exceptions to policies, standards and procedures are in line with division directives
  • Maintain a strategic framework for guiding year-over-year security investment decisions, defined with sustainable metrics for measuring performance outcomes
  • Make recommendations for improvements to existing application security hardware, software and related tools
  • Assist in evaluation, planning, configuring and implementing new/existing security application tools
  • Identify and recommend potential areas where existing policies and procedures require change or where additional effort and/or information are required to mitigate key security risks
  • Partner with various stakeholders to improve security policies and procedures
  • Facilitate internal and external penetration testing and participate in security audits where applicable
  • Lead the identification, response, investigation, communication and remediation of potential breaches and issues surrounding application security
  • Responsible for executing programs for user awareness and compliance procedures
  • Bachelor of Computer Information Systems, Business Administration or technology-related field, or equivalent work experience in Information or Application Security
  • 10+ years of experience in a combination of risk management, information security, application security or application development
  • 5+ years in a leadership role managing an 8-10 member organization preferred, with responsibility for staffing decisions, mentoring, coaching and development, and performance evaluations
  • Proven/demonstrated success in development of information and/or application security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in an environment and culture of secure-coding practices
  • Critical thinker with strong analytical skills
  • Ability to motivate teams to achieve strategic and tactical goals
  • High level of personal integrity and professionalism as well as the ability to professionally handle confidential matters
  • Preferred Industry recognized certification(s) in Information Security include: Certified Information Systems Security Professional (CISSP), GIAC Security Leadership Certification (GSLC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
  • Knowledge of common information security management frameworks such as NIST, ITL, COBIT
  • Ability to analyze and assess complex technical plans (i.e. security compliance standards)
  • Extremely effective written and verbal communication skills
  • Experience with common vulnerability publications and resources including: Common Vulnerability Scoring System (CVSS), National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE)
  • Travel (15%)
  • US Citizen Required
101

Application Security Solutions Engineer Platforms Maintenance & Support Resume Examples & Samples

  • Desired: At least 3+ years of experience in any major DevOps tool-chain (Veracode, Jenkins, Qualys, Fortify, SonarQube, GitHub, Code quality tools) implementation and automation
  • At least 8 years of experience with web application, web service implementation, infrastructure scans
  • At least 2 years of experience with SAST (AppScan/Veracode or similar) tools. Web application background is required, along with a desire for continued learning of new programming languages, techniques and related security issues
  • Familiarity with the OWASP framework and application security best practices. Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security