Description:
Responsible for developing and improving secure application software development lifecycle practices, secure testing and assessment, and the integration of Security with DevOps. This individual will help interpret NIST 800-171, putting it into layman's terms and making it digestible for the development teams so they can shift left in their Application Development Lifecycle and embed the necessary security controls at the beginning of development, before code is pushed to the production environment. This role is responsible for vulnerability management of application development efforts, implementing application security controls in the cloud, embedding and automating security controls in DevOps, and helping development teams identify security risks and track them to remediation.
Job Duties/Roles
Develop and maintain software application security policies, standards, and procedures.
Develop and implement software application security controls, including security best practices for the software development lifecycle.
Support and consult with product and development teams in application security, including application threat modeling, application architecture reviews, code security reviews and analysis, and application security testing.
Design technical solutions to address security weaknesses in applications.
Analyze system services and identify security issues in applications.
Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
Assist in identifying and implementing automated tooling to identify and prevent security vulnerabilities and enable an effective DevSecOps environment.
Communicate the nature and severity of security concerns to the development team.
Help development teams assess and remediate application security concerns.
Knowledge, Skills and Abilities Required (KSAR)
Able to work well with software development teams and guide them on secure software development processes.
Expertise in Azure platform offerings and security best practices.
Cloud security experience with MS Azure (AWS and/or GCP a strong plus).
Experience configuring and running WAFs (Web Application Firewalls).
Experience identifying security threats and vulnerabilities using threat modelling, code review, and analysis.
Work experience in securing containers.
Work experience with DevSecOps environments, orchestration, and security tools.
Work experience with application security processes, tools, and principles, such as SCA, SAST, DAST, and Web Application Firewalls, including API security.
Application security expertise, including an understanding of vulnerabilities and remediation solutions (OWASP, SANS 25).
Basic development or scripting experience and skills. Ruby, Ruby on Rails, JavaScript, and/or Go are preferred.
A basic understanding of network and web related protocols (such as HTTP, HTTPS, SSH...).
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Working knowledge of the ABS Health, Safety, Quality & Environmental Management System (applicable to internal candidates).
Skills:
Azure, Cloud, Security, Security architecture, Cyber security, SSDLC, WAF, Azure cloud security, Microsoft Defender, Azure Key Vault, GitHub Advanced Security, threat modeling, Ansible, containerization, CI/CD, Splunk, OWASP, Application security, Architecture, NIST
Additional Skills & Qualifications:
Professional information security certification (such as: CISSP, CCSP, GWAPT, GWEB, AWS/Azure Solutions Architect) preferred.
AZ-204: Developing Solutions for Microsoft Azure – preferred.
AZ-305: Designing Microsoft Azure Infrastructure Solutions – preferred.
AZ-500: Microsoft Azure Security Technologies – preferred.
Experience Level:
Expert Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Applicants with disabilities who require an accommodation or assistance applying for a position, please call 888-472-3411 or email [email protected]. This is a dedicated line designed exclusively to assist job seekers whose disability prevents them from being able to apply online. Messages left for other purposes will not receive a response.