• Work with product teams and product owners to understand and formulate security requirements for large internet-facing, enterprise software applications.
• Serve as SME on application security and collaborate with software development teams to provide technical guidance to implement appropriate security solutions, mechanisms and/or controls that address business requirements.
• Consult on technical security issues/incidents as needed.
• Initiate and conduct manual/automated code reviews (via risk
• Act as a liaison between software engineers and the Information System Security Office (ISSO).
• Conduct and coordinate vulnerability assessments and code reviews of software applications under development.
• Conduct risk assessment planning sessions and results.
• Experience writing automated unit tests.
• Experience in performing code reviews.
• Participate in Agile SCRUM activities such as daily standup, sprint planning and retrospective meetings.
• Monitor the marketplace for application security related tools, conduct tool analysis and provide recommendations.
• 7+ years of Java/Enterprise Java development experience.
• Expertise with application server technologies, Spring Framework, Spring Security, Web Services (JAX-RS/JAX-WS), REST and
• In-depth knowledge of and experience with Java security technologies, single sign-on and identity management.
• Expertise with web system security concepts, including multi-factor authentication, authorization (RBAC), encryption/hashing, SAML (mandatory), LDAP.
• Knowledge of cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• Knowledge of TCP/IP, HTTP/S and related protocols.
• Knowledge of network-based, system-level and application-layer attacks and mitigation methods.
• Experience with static code analysis tools including HP Fortify,
• Knowledge of and experience with agile software development.
• BS in Computer Science or related field.