Responsibilities include:

 Working with application development and QA teams across multiple products to: Review, evaluate and prioritize vulnerability findings

• 
  

  Provide SME support on secure code implementation, design and architecture.

  
  


• 
  

  Threat-modeling & risk analysis

  
  


• 
  

  Training

  
  


• 
  

  Participate in providing annual OWASP & PCI training for developers

  
  


• 
  

  Helps maintain updated Secure Coding Best Practices

  
  


• 
  

  Common application level vulnerabilities

  
  


• 
  

  Risk Management

  
  


• 
  

  Findings/vulnerability prioritization

  
  


• 
  

  Mitigation strategy

  
  


• 
  

  Controls Evaluation - Review, validate, recommend and create standards

  
  


• 
  

  Review of open-source development libraries for security risks

  
  


• 
  

  Web application firewall (WAF) rule development and implementation

  
  


• 
  

  Security technologies review and recommendations

  
  

REQUIREMENTS

• Qualifications:  Bachelors of Computer Science or similar - 6 or more years of experience in applying Information Security best practices to Information Technology assets plus 5 or more years of experience with software development.


• Experience with static and dynamic vulnerability identification using industry leading scanning tools and manual code reviews -


• Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them 


• Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand; and ability to effectively communicate with both non-technical and technical people -


• Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges - Ability to work well inside and outside the team.