In this position the candidate will be responsible for developing and advancing security policies and procedures as they relate to internal and external application development and business processes and procedures. The candidate will work with all areas of the company to ensure appropriate data and application components are secure and to develop processes and security improvements.
Ideal candidates will demonstrate exceptional attention to detail as well as a broad knowledge of analytical, security and software development, troubleshooting, capacity planning, audit principles, and security risk assessment. They will be able to quickly and efficiently resolve issues while maintaining high levels of customer satisfaction. This position is responsible for supporting the infrastructure of applications providing services both internally and to our customers and will work with groups within and outside of the company to ensure the Information Security Program is operating effectively.
This position will be a hybrid of onsite (Peachtree City location/suburb of Atlanta) and remote work.
Essential Functions
Architect, design, implement, support, and evaluate application security solutions and services including code and application analysis tools, open-source security tools (Operational, Security, and Open Source License Compliance), testing and vulnerability management tools
Assist teams implementing the company’s standards (change management, code testing, production release, etc.) to make our applications safe while promoting security within the company
Works closely with development and architecture teams to develop, build and deliver the future state IAM strategy for the Enterprise, including helping define a vision for how identities will be managed across all parts of the business, and how the associated access to systems and data will be maintained
Assist in the creation and maintenance of an asset inventory (application stack) which will cover all web applications, application programming interfaces (APIs) and UIs; assist in the ranking of these assets to prioritize and implement initial and recurring asset security assessments
Track and research the latest attacks and how they might apply to our environments
Helps develop monitoring and reporting on the health, effectiveness and efficiency of Security policies, processes, and procedures.
Complete understanding of the OWASP Top 10 Application Security Vulnerability List
Participate in and support application security reviews and threat modeling, including code review and dynamic testing
Assist development teams in bug and security hunting and remediation
Drive the secure coding best practices and training
Assist development teams in consultation in secure coding and vulnerability remediation
Removes barriers to move faster
Qualifications
Bachelor’s degree in Computer Science or related field or equivalent education and experience
5+ years of experience with development security
Comfortable in leading meetings and groups
Ability to work as a team player
Ability to manage multiple projects and priorities
The passion and drive to look for application security defects
Strong knowledge of secure development practices, security code review, secure coding practices, threat modeling and security methodologies
Experience in Threat Modeling and Architectural Risk Analysis
Knowledge of security across multiple disciplines (data, database, operating system)
API Security and concepts (REST API, OAuth, JWTs, etc.)
Agile Methodologies
Experience with Java
Proven ability to understand, replicate, and remediate OWASP Top 10 vulnerabilities & impact (proxies such as Burp, ZAP, Fiddler)
Experience with manually auditing source code to find security issues or programming skills
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status.