
Application Security Engineer (Manual Source Code Review)

Company: Metaoption Llc
Location: Jersey City
Posted on: January 12, 2022

Job Description:

Skills: Application Security, OWASP, SANS CWE, Programming, Scripting, OAUTH, Code Review, Manual Source Code

Experience level: Mid-senior

Experience required: 10 Years

Education level: Bachelors degree

Job function: Information Technology

Industry: Financial Services

Relocation assistance: No (Prefer local candidates in Dallas TX first but willing to look at Jersey City NJ candidates.)

Visa: US citizens, Green Card holders preferred

NOTE: All candidates presented must know that, when hired for the role, they will start out working remotely due to COVID-19 with offices closed, but that they will be expected to work onsite in the office once offices reopen (tentative target in Q1 now). When the office reopens: 3 days onsite, 2 days remote (subject to change based on team business needs).

MUST HAVE

Proficiency in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors.

Knowledge of application development using technologies like Java, J2EE, Groovy, Ruby, AngularJS, Node.js, JavaScript, Python.

One or more of the following active certifications: ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).

Position Summary

The Application Security Manual Secure Code Review Consultant is responsible for the manual secure code review and assessment of in-house developed source code for web, non-web and cloud apps and APIs, primarily using a manual approach, and for developing and leveraging custom scripts and tools as required. The individual should possess strong knowledge of secure coding principles across widely used programming languages (Java, Angular/Node.js, JavaScript, Python, Ruby, etc.) along with excellent communication, analysis and organizational skills.

Responsibilities include interacting with developers (Application Development) to gather application source code details, conducting code review, and providing technical assistance in remediating application security issues.

Responsibilities

Proficient in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors.

Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles and architecture, and industry-specific audit frameworks.

Experience with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. Tomcat, .Net, MS SQL, etc.).

Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).

Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.

Understanding of how authentication and authorization mechanisms are implemented programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.).

Knowledge of application development using technologies like Java, J2EE, Groovy, Ruby, AngularJS, Node.js, JavaScript, Python.

Should have a solid understanding of security controls and how they apply to different designs and systems.

Understand, highlight and articulate risk to product owners in an understandable language.

Knowledge of DevSecOps and development pipeline integration and automation.

Knowledge of cloud and container infrastructure. AWS, Azure and Docker experience is a plus.

Document vulnerabilities and work with developers on vulnerability mitigation.

Perform re-reviews to validate the fixes on the reported vulnerabilities.

Provide excellent coordination with local teams (which includes vendor consultants), the onsite team and various other support teams in the organization.

Provides regular status updates on all assigned tasks and deliverables.

Attend meetings with all involved stakeholders from TRM and IT leads to provide updates and de-brief when required.

Qualifications

At least 10 years of progressive development experience with 4+ years in Secure Code review and Application Security.

Proficiency with application security best practices, with more focus on secure coding guidelines.

Experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, Perl, optionally Objective-C, etc.).

Demonstrated proficiency in troubleshooting techniques and a detail-oriented problem-solving mindset.

Ability to conduct research into technical issues, standards, and products.

Good written and verbal communication skills and the ability to interact well with different levels within the organization.

Have one or more of the following active certifications: ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).
