In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in our applications. You will also act as an application security SME for the development and security communities. Design, implement, and enforce security policies that protect systems and data from security risks.
Responsible for the identification, investigation, and resolution of security events detected by those systems. Tasks may include involvement in the implementation of new security solutions; participation in the creation / maintenance of policies, standards, baselines, guidelines, and procedures; and conducting vulnerability audits and assessments.
Participate in the Secure SDLC Strategic Plan and execution of the Secure SDLC process.
Perform dynamic and static application security testing against web applications, thick-client applications, APIs and mobile applications.
Perform assessment of cloud architecture and configuration.
Perform application threat modeling.
Perform findings/vulnerabilities analysis, document results, engage with high-level personnel, discuss findings, provide recommendations, explain testing techniques, and stay current on weaknesses and vulnerabilities.
Engage customers on the implementation and improvement of the secure software development lifecycle.
Support / Execute the implementation of a risk and policy framework including distribution and maintenance of information security and related policies, as assigned by more senior RISC personnel. Implementation should support the department’s accountability in setting risk and security policies, standards, guidelines, processes and procedures.
Maintain up-to-date, in-depth knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
Recommend additional security solutions, or enhancements to existing security solutions to improve overall enterprise security.
Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (e.g. security tools) or not (e.g. workstations, servers).
Provide call escalation for all in-place security solutions.
Evaluate new or modified systems, processes, and/or products vs internal security standards to identify risks that fall outside of risk tolerances.
Provide evening and weekend “on call / issue” support as needed.
Cyber security experience required
Experience with security operations preferred
Experience with SIEM systems preferred
Strong understanding of IP, TCP/IP, and other network administration protocols preferred
Strong understanding of Windows and Linux systems preferred
Familiarity with security incident response preferred
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Internal Number: 5507
About OpenArc, LLC
OpenArc is a technology consulting firm providing industry-leading technical talent placement, software development, and technology strategy services to clients nationwide. Through a unique blending of people and software, OpenArc has a business practice that delivers amazing enterprise, mobile and consumer-facing apps and the best talent for contract, contract-to-hire and direct placements for clients and partners alike.
Staffed with the most-trusted recruiting experts, elite software developers, UI/UX designers and market experts, our team provides clients with the best resources, the right techniques and world-class support resulting in powerful measurable success.