Application Security (closed)
Main Duties
Application Security Assessment
Support application security assessment coverage across the company.
Work with global team and external entities to deliver Application Security services.
Analyze and review security issues identified for false positives
Communicate security issues identified and mitigation/remediation options to development community
Generation of reports and follow up on issues until closure
Develop and deploy tools, techniques and capabilities to enhance ability
Develop automation scripts to enhance and automate the process.
Education and Secure Coding
Address questions on application and information security topics
Explain security topics at varying technical levels, from high-level concepts for executives to low-level technical details for developers
Develop Application Security course syllabus based on target audience proficiency level
Create training materials including demonstrations, hands-on lab and multimedia
Engage various corporate departments (e.g. HR, Estate Management, Learning Management System, etc.) for training roll-out
Develop secure development guidelines
Manage secure development certification of developers
Promote the awareness and importance of application security education
Basic Qualifications
Bachelor's degree
5+ years of experience with security techniques and technologies, including Static Application Security Assessment and Dynamic Application Security Assessment.
Preferred Qualifications
Have Application Security knowledge including OWASP, SANS Top 25, etc.
Understanding of Application security issues, coding standards, strong communication skills and ability to articulate them to developers and project managers.
Understanding of the security mechanisms associated with Applications, operating systems, networks and databases.
Has an awareness of emerging Application Security technologies
Knowledge of various programming languages: Java, Perl, Shell script, SQL, C#
Experience working with web and mobile development projects as a developer or security subject matter expert
Knowledge of Secure Development Lifecycle methodologies and development platforms (Java, .NET, etc.).
Knowledge of middleware platforms (e.g. WebSphere)
Certification
Certified CISSP, CSSLP or Application Security product related certification.
Knows what should be communicated, when and to whom.
Actively seeks ways to understand, mitigate or reduce risks.
Proactively identifies risk gaps within the area and mitigates risk
Able to operate in a regulated environment following rules and procedures
Can describe alternative problem-solving approaches and their optimal uses.
Ability to communicate with both technology and business representatives.
Ability to work concisely when under pressure or with extremely tight timescales.
Able to shift well from task to task.
Project management
For more info contact me at mike.andrew@disys.com or 201-918-3729
