We are looking for a Cyber Security Architect with Web APP and mobile experience to assist in executing an application penetration testing program that will serve to improve the security posture of Information Technology Infrastructure applications, servers and network applications. The successful candidate will conduct vulnerability and application security assessments, provide feedback on issues, create and deliver action plans, assist with identifying and tracking risk & remediation, and provide advice on mitigation safeguards, processes, and security best practices.
Assignment Length: 12-month contract
Assignment Starting: June
Number of Openings: 1
Top skills for Security Architect - Web APPs:
- Minimum of 5 years of professional work experience in Application security
- Application penetration testing including Mobile, Web, API
- Source code review preferably in Java, Kotlin, Objective C and Swift programming languages
- Threat modelling
- A good understanding of enterprise application development using programming languages such as Java, Kotlin, Objective C and Swift.
- Working experience in agile environments as part of the DevOps team with an excellent understanding of the CI/CD pipeline.
- Good understanding of the SAST Tools such as Checkmarx, Fortify and DAST tools such as NowSecure, Burp and AppScan.
- Must have a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g., OWASP, NIST publications, and SANS/CWE.
- Must know about setting up a Mobile pen-testing platform (Jailbreaking, Rooting the device, setting up Cydia) and hands-on with manual security testing.
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential
- Secure Software Development Lifecycle (SSDLC) experience, not just SDLC, including which SSDLC framework was used (e.g. NIST Secure Software Development Framework (SSDF), MS Security Development Lifecycle (MS SDL), OWASP Comprehensive Lightweight Application Security Process (CLASP))
- Infrastructure as code (IaC)
- Development security operations (DevSecOps)
- Threat modelling scenario - or walk-through of any Threat modelling experience
- Securing CI/CD(Continuous Integration/Continuous Delivery) Pipeline
- Security Orchestration, Automation, Response (SOAR)
- Shift Security Left
- Web Application Code/Architecture review
- Securing microservices and containerized applications
- Securing Serverless Architecture (provide examples of what the candidate has done to secure a serverless architecture)
- Application Programming Interface (API) Security
- Cross Site Scripting (XSS), XML External Entities (XXE), XML encryption, XML signatures, SAML tokens, OpenID Connect (OIDC), OAuth framework, Zero-trust security model
- Cross-Origin resource sharing (CORS), SQL, NoSQL, Command Injection
- Should have hands-on experience (actual work on resolving, or on how to resolve, vulnerabilities reported by tools, and which tools were used) with any of the following: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), Application Security Testing Orchestration (ASTO), Penetration Testing, Web Application Firewalls (WAF)
As the Security Architect - Web APPs, you will be responsible for:
- Execute security assessments for multiple agile projects simultaneously and ensure project timelines are met.
- Perform application security testing on applications such as Mobile (iOS /Android), web, APIs (REST/SOAP/Microservices), thick clients, etc., inclusive of the supporting infrastructure components.
- Utilize Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), and Component Vulnerability Management (CVM) tools such as Checkmarx and Contrast to uncover additional vulnerabilities during Dynamic Application Security Testing (DAST).
- Call on your deep understanding of the OWASP Top 10 and CWE Top 25, with experience implementing remediation strategies.
- Deep knowledge and experience using SAST, DAST and Open-Source Vulnerability Scanning tools.
- Leverage application artifacts such as business requirements, user stories, design documents, architecture documents, and others to understand the scope of the agile review.
- Create targeted security user stories and misuse cases to execute during the agile review by performing threat modelling.
- Collaborate with application teams to promptly remediate any identified security vulnerabilities.
- Have the ability to read and understand application source code to provide specific recommendations for the identified vulnerabilities to application teams.
- Have solid technical writing and presentation skills to report and articulate security vulnerabilities to technical and non-technical audiences.
- Working knowledge of Governance, Risk and Compliance (GRC) tools as well as collaboration tools such as JIRA and Confluence
- Perform security testing of applications, networks and infrastructure, including vulnerability assessments, manual testing techniques and penetration testing
- Produce security assessment reports and distribute them to IT Support teams (for remediation)
- Ability to research, recommend and implement changes to procedures and systems to enhance application and systems security
- Ability to keep updated on the latest security regulations, advisories, alerts and vulnerabilities.
Don’t miss out on this opportunity. Apply online today!
Eagle is an equal opportunity employer and will provide accommodations during the recruitment process upon request. We thank all applicants for their interest; however, we will only be contacting candidates with the required skills. Please note that your application does not signify the beginning of employment with Eagle. Work with Eagle will only commence when placed on an assignment as a temporary employee of Eagle.