job summary:
Qualifications
Responsibilities:
- Identify risks and areas of exposure in applications, our development process and architecture.
- Perform security reviews of source code, stored procedures, datastores, and server/service configurations.
- Define and document application security requirements.
- Oversee development of security components throughout all stages of the SDLC.
- Perform manual and automated security testing.
- Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
- Educate developers on secure coding techniques and security best practices.
- Participate in development of security policies, standards, and processes.
- Participate in incident handling and perform application-related forensics activities.
Skills Required:
- Bachelor's degree in Computer Science or equivalent
- Good understanding of RESTful APIs and microservices
- Knowledge of JIRA
- Understanding of Agile development methodologies
- Experience with Python, Go, Node.js, Angular.js or Vue.js
- Experience working with cloud platforms (AWS, Azure, Google Cloud, or similar)
- Working knowledge of application container frameworks and technologies (Docker, Kubernetes, Red Hat OpenShift, Pivotal Cloud Foundry)
- Ability to identify security vulnerabilities from source code reviews and testing.
- Knowledge of encryption technologies, secure communications, and secure credentials management.
- Advanced knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
- Intimate familiarity with web application testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
- Ability to define application security requirements and build secure web application solutions.
- Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
- Self-directed and capable of working in a dynamic and startup environment.
Preferred:
- AWS Security certified
- ISO27001, SOC2 certification experience
location: Boston, Massachusetts
job type: Permanent
salary: $120,000 - 140,000 per year
work hours: 8am to 5pm
education: Bachelors
qualifications:
- Experience level: Experienced
- Minimum 5 years of experience
- Education: Bachelors (required)
skills:
- application security (1 year of experience is preferred)
- secure coding (1 year of experience is preferred)
- Microservices
- Cloud (5 years of experience is preferred)
- RESTful API (5 years of experience is preferred)
- AWS (3 years of experience is preferred)
- web testing tools (2 years of experience is preferred)
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.