This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Product and Application Security Specialist Vertafore

From OWASP
Jump to: navigation, search

Product and Application Security Specialist / Full Time / Bothell, WA.

The Product & Application Security Specialist will provide technical advice for secure solutions during the design, development, selection, and testing of systems supporting the IT infrastructure, enterprise applications, and product offerings.


Job Duties & Responsibilities

• Review upcoming application security issues and trends, and develop recommendations for addressing such issues.

• Collaborate with various departments, consultants and other leaders to address security risks and offer risk mitigation recommendations to address product application vulnerabilities. Includes facilitating threat modeling and providing advice for security plans for new systems / applications.

• Facilitate application security code reviews, penetration testing, and vulnerability testing with development teams, and work with them to resolve significant security exposures.

• Perform technical security testing of business applications and the enterprise network infrastructure.

• Develop and update security training for project consultants, developers, QA testers and product implementation teams.

• Draft security standards and guidelines. Including acceptance criteria for new information systems, upgrades, and new versions as well as suitable tests of the system(s) carried out during development and prior to acceptance.

• Work proactively with analysts and project consultants to help ensure that business resumption controls are included as project requirements for application system changes, and are incorporated into the resulting program.

Education & Work Experience

• 5 years previous experience in Information Security or IT audit required.

• 2 years of experience in software development preferred.

• 2 years of experience in IT operations and IT project management preferred.

• Familiarity with Secure SDLC practices required.

• Secure code review experience with Fortify preferred

• Bachelor degree in a technology-related field preferred.

• Experience with designing secure host, database, and application solutions for multi-tier systems.

• Experience with developing software on and MS .Net platforms.

• Experience with agile system development practices.

• Experience with implementing and operating network security technologies and security assessment tools.

• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment and maturity.

• Excellent communication and interpersonal skills.

Qualified candidates should contact Darrell Hines, [email protected]