As a key member of the application development team, your role revolves around providing expert guidance on security matters. You'll be instrumental in designing, reviewing, and supporting security protocols within our applications, minimizing risk and ensuring robust security measures are in place. From code review to cyber security operations, your responsibilities encompass various aspects of securing our applications and systems. Collaborating with cross-functional teams, evaluating new technologies, and contributing to training initiatives are also vital components of this role.
This is a long-term, remote contract (EST).
Key Responsibilities:
- Offer subject matter expertise on security within the application development team.
- Contribute to the design, review, and support of security measures in application development projects.
- Conduct thorough code reviews to ensure adherence to security standards and quality assurance.
- Support cyber security operations pertaining to application development.
- Collaborate with development teams to enhance cyber security posture through methodologies and technologies.
- Coordinate with project teams to maintain security in new technology initiatives.
- Ensure documentation and processes are audit-ready and assist in audit responses.
- Respond to security alerts/incidents and investigate code for potential vulnerabilities.
- Perform architecture and code reviews to identify security risks.
- Assist in evaluating supply chain vendors concerning application development.
- Evaluate new security tools and technologies for application development.
- Develop metrics and provide routine security reports.
- Contribute to the development of cyber security training materials and awareness initiatives.
- Undertake additional duties as assigned.
Qualifications:
- Bachelor’s Degree in a related technical field with at least 3 years of relevant experience.
- Comprehensive technical background in security with strong critical thinking and troubleshooting skills.
- Expertise in Microsoft development stack, including .NET Framework & CORE, C#, SQL, Web Services (WCF), and Azure app service.
- Proficiency in TCP/IP, secure networks, operating systems, SDLC coding, and encryption concepts.
- Ability to create detailed process and procedure documentation.
- Familiarity with security best practices, standards, and compliance initiatives such as NIST Cyber Security Framework, 800-53, 800-171, SOC Trust Services Criteria, and NERC CIP.
- Capacity to thrive in a dynamic environment with changing priorities.
- Excellent communication and interpersonal skills for effective collaboration.
- Ability to grasp technical specifications and system requirements.
- Familiarity with security strategies, threat actors, and associated tactics and tools.
- Experience in various security areas including secure development, quality assurance, incident response, threat management, and penetration testing.