This job has expired.
DAtec

SECURITY ARCHITECT

Reston, VA (On-site)

City : Washington
State : District Of Columbia
Job Description :

5-8 Years Experience

  • Relevant business and systems subject matter expertise - especially in Application Security
  • Proven experience supporting application security projects as a security engineer
  • Demonstrated business process analysis, workflow, task analysis, user-acceptance testing and requirements analysis knowledge.
  • Proven ability to elicit, document, analyze and verify requirements.
  • Attention to detail and excellent analytical and problem-solving skills.
  • Advanced written and verbal communication skills.
  • Excellent organizational skills and ability to set priorities and handle multiple projects concurrently.
  • Excellent analytical and problem solving skills
  • This position requires a bachelor's degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis.
  • Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.
  • Demonstrated successful use of Agile and/or Waterfall SDLC methodology
  • Must demonstrate understanding of industry standard Business Analysis Best Practices
  • Excellent knowledge of MS Office tool set - MS Word, MS Excel, MS Project and MS Visio.

Preferred:

  • Application development experience

  • Experience with disassemblers/decompilers/debuggers.

  • Experience in security consulting role including assisting developers with writing secure code in the IDE (Eclipse, IntelliJ and Visual Studio) and Secure C, and prescribing application security requirements to development teams.
  • Solid knowledge of OWASP Top Ten
  • Experience performing application security assessments including web applications, mobile applications, and web services
  • Ability to perform manual source code review and find vulnerabilities in C/C++, C#, VB.Net, ASP, PHP, Java
  • Experience with application analysis and performing application security testing using IAST, SAST, and DAST vulnerability scanners (Burp Suite, IBM AppScan, Contrast Assess, HP Fortify SCA, WebInspect, ASOC, Checkmarx, Veracode, Synopsys Coverity etc.)
  • Experience with web service testing tools (SoapUI, etc.) and web services security
  • Experience in developing proof-of-concept exploit examples
  • Experience performing Vulnerability Issue validation, triaging, reporting and prioritization.
  • Integrating Static, Dynamic and Interactive Application Security Testing into CI/CD build and deploy pipelines including securing source and artifact repositories to mitigate use of insecure code and implementing risk mitigation connected to use of 3rd Party / Open Source Libraries.
  • Experience with some or all of the following: Unix, Linux, AIX, WebSphere and Tomcat administration and tuning, web application firewalls, API management, JIRA, Kanban, Artifactory
  • Building Application Security KPI Dashboards
  • Security Certification.
  • Experience with healthcare insurance industry, especially BCBS plans.
  • Experience with software testing, test management and defect tracking tools.
  • Strong understanding of managed care principles, claims processing guidelines, Member contracts and Provider Agreements.
  • Effective presentation, negotiation and influencing skills to interface with all levels of management and to facilitate large meetings across the CareFirst organization.

Additional Notes to Vendor :
Application security testing, pen testing. Application vulnerability testing is a must! (Burp Suite, IBM AppScan, Contrast Assess, HP Fortify SCA, WebInspect, ASOC, Checkmarx, Veracode, Synopsys Coverity etc.) Static and dynamic scan tools. Working with developers on fixing the vulnerabilities. Remove backlog of vulnerabilities. Strong knowledge of web app vulnerability discovery is a must! Java, WebSphere, Tomcat, directory path traversal resolution as an example.

Job Types: Full-time, Contract

Salary: $20.00 to $39.00 /hour
