Employer Active
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices performs software security architecture and design reviews and supports the identification interpretation and remediation of vulnerabilities across a variety of applications programming languages and platforms.
Serve as a liaison between development teams and stakeholders to understand and formulate security requirements.
Define maintain and enforce application security best practices.
Good understanding of OWASP Top 10 SANS 25
Perform thirdparty libraries security assessment and dependency analysis.
Conduct vulnerability assessment and manual/automated code review of Java and Scala applications.
Apply knowledge of web application vulnerabilities to review application source code to find its security vulnerabilities (CSRF XSS SQL Injection Privilege Escalation etc.) and recommend remediation.
Be proficient in static dynamic and penetration security testing of Web Applications and REST APIs.
Write comprehensive reports including assessmentbased findings outcomes and propositions for further system security enhancement.
Demonstrate vulnerabilities to application owners and provide mitigation recommendations.
Knowledge of Continuous Integration and Continuous Deployment (CI/CD) activities to integrate and automate security tools within DevOps processes.
Responsibilities:
Qualifications:
Required Skills:
3 years of HandsOn application security penetration testing experience using BurpSuite Pro
2 years of experience related to application security vulnerability and risk assessments security policy development and review general IT and security controls development compliance readiness (i.e. NIST 800 Series DIACAP FISMA FedRAMP FIPS) and technical security architecture/ design/ development/ implementation
At least one recognized security professional certification (CISSP GWAPT CEH LPT CCSP)
Experience with one or more programming languages such as Java JavaScript Python or UNIX shell
Handson experience automating security tools in CI/CD Jenkins such as OWASP ZAP Nessus Fortify Sonatype Nexus
Experience in Secure SDLC DevSecOps principles and Cloud security best practices
All candidates should have:
Proven ability to work independently and as a team member
Strong organizational attentiontodetail multitasking and timemanagement skills
Eligibility to receive Federal Public Trust clearance
Established residency in the US for at least 3 of the last 5 years.
Candidates must be local to the Washington D.C. Metro/Northern VA area travel will not be reimbursed
Cloud BC Labs Inc is a digital transformation organization aimed at creating seamless solutions for clients to effectively manage their business operations. The company specializes in Business and Management Consulting AI/ML Data Analytics & Visualization Cloud Data Warehouse Migration Snowflake Implementation Informatica Implementation & Upgrade Staffing Services and Data Management Solutions
Full Time