Information Security Applications Code Assessor: 335 Adams Street, Brooklyn NY 11201 or 2 Metrotech Center, Brooklyn NY 11201 or alternate DIIT locations

Due Date:
Wednesday, July 1, 2020 12:00 PM

Job Title:
Information Security Applications Code Assessor

335 Adams Street, Brooklyn NY 11201 or 2 Metrotech Center, Brooklyn NY 11201 or alternate DIIT locations

Scheduled Work Hours:
Full Time - 9 to 5 - 35hrs/wk

Service Scope:

• Performs detailed source code reviews of both new and existing applications.
• Performs application security assessments.
• Develops application security standards and policy documentation.
• Performs automated and manual run-time assessments.
• Performs automated and manual code review and threat modeling.
• Performs Secure Development Lifecycle (SDL) process assessments.
• Educates developers on proper secure coding practices.
• Provides and/or organizes appropriate application security training and awareness for technical and non-technical staff.
• Acts as security applications subject matter expert (SME), providing consulting solutions and support to Application Development teams.
• Actively manages the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately.
• Works closely with development teams to remediate application vulnerabilities detected through security scanning tools.
• Liaises with relevant stakeholders within the Technology groups and business units to ensure security awareness and issues are communicated effectively.
• Carries out risk assessments and/or threat modeling to articulate the levels and types of security controls appropriate for application/product initiatives.
• Researches, initiates and drives the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced.

Mandatory Skills:
• 7+ years of experience with the following:
  • Detection, exploitation, and prevention of software vulnerabilities (i.e., SQL Injection, XSS, buffer overflows) as well as emerging platform vulnerabilities (e.g., Flash, AJAX).
  • Reviewing source code and assisting developers in closing vulnerabilities.
  • Performing active black-box penetration testing against web applications, above and beyond the use of commercial products or pre-existing scripts.
  • Enterprise application development experience in both .NET and Java/J2EE.
  • Secure software development life-cycle.
  • Excellent written and verbal communication skills, experienced at communicating with developers as well as technical and non-technical management.
  • 4+ years of work experience focused purely on application system and code-level security.
