Company: ECA Staffing Solutions, Inc
Location: Jacksonville
Closing Date: 29/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Position Summary:
This position is responsible for working very closely with software development teams to implement various security controls and DevSecOps practices as part of their development lifecycle; assisting in identifying, reviewing, and managing application security vulnerabilities; and providing relevant technical guidance to remediate those vulnerabilities. The ideal candidate should have demonstrated experience working as part of, or very closely with, agile / DevOps teams and a strong knowledge of modern software architecture styles and coding practices.
Responsibilities:
Provide technical guidance to application development teams to understand security risk and how to remediate security vulnerabilities in code.
Collaborate with development teams to create and maintain a Secure-SDLC and ensure that security requirements/controls can be embedded within the software application.
Conduct manual security code reviews and identify insecure code patterns.
Assist with onboarding new applications to SAST, DAST, and SCA tools.
Monitor scanning tools for new vulnerabilities and review false positives.
Review and validate resolved security bugs and bring them to closure.
Implement innovative solutions to scale the program with emphasis on automation where applicable.
Write and maintain automation scripts to support custom integrations with scan tools and reports.
Establish and maintain excellent relationships with customer / business units.
Actively participate with the team to identify opportunities for improvement in our vulnerability management program.
Keep abreast of and provide recommendations on emerging security technologies/tools.
Perform other duties as assigned.
The ideal candidate will be:
Accountable - Takes accountability for the success of the application security assignments. Continually evaluates outstanding items for follow-up and brings tasks to closure. Takes action to mitigate risks and resolve issues.
Collaborative - Facilitates interaction and discussion, and drives decisions required to meet deliverables.
Pragmatic Problem Solver - Demonstrated ability to engage stakeholders and facilitate practical solutions. Looks to resolve, not to blame. Bases recommendations and decisions on facts.
Multi-Task Oriented - Proven ability to manage multiple concurrent projects and drive projects to successful completion.
Requirements:
Software development experience, especially in Microsoft technologies (e.g. C#, .NET, Azure, MS SQL Server).
Good understanding of modern web application architectures and frameworks.
Familiarity with basic web application security issues, such as those outlined in OWASP Top 10.
Ability to use DevOps CI/CD tools.
Experience working with DevOps methodologies and tools.
Experience with scripting or shell languages such as Python or PowerShell.
Familiarity with application security scanning tools and methodologies (SAST, DAST, SCA).
Knowledge of application security throughout the software lifecycle.
Familiarity with secure coding practices.
Ability to perform manual and automated testing to identify vulnerabilities.
Experience working collaboratively with engineers.
Excellent communication skills including presentation and documentation.
Skills:
Development in C#, .NET framework, .NET Core and JavaScript.
Using Relational DBMS / SQL.
Experience working with Git repositories, software build tools, and software deployment tools.
MS Office skills (Excel, Word, etc.).
Strong organizational skills required.
Strong interpersonal skills required.