Duration: Direct Hire/Permanent
Compensation: up to $160k base/yr + up to 20% bonus + Stock + Benefits
Location: Dallas, TX or Basking Ridge, NJ or Tampa, FL or REMOTE for right candidate

***U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time.*** 

Security & Risk Management Principal is responsible for Application Security for Corporate Systems and includes Enterprise Vulnerability Management, Cloud Security, Risk Analysis.

Requirements:

  • Lead the Enterprise Vulnerability management for Corporate systems including Source Code Scans/Dynamic Application/Open Source Code/IP Scans and Vulnerability remediation.
  • Managing adaptive Security including Runtime Application Self Protection, logging & monitoring, Database Security.
  • Aligning with Enterprise InfoSec leads for risk assessment of applications including ERP, SaaS and Cloud native solutions.
  • Coordinating with a broad cross-section of project teams to explain and enforce security measures.
  • Aligning with system integration leads to a review of the architecture and security measures and recommend enhancements.
  • Reviewing various security protocols, data encryption, authentication, authorization for ERP landscape.
  • Part of AppSecurity management involved in building strategy for protection and mitigation of data security for data at rest and in transit. This includes On Prem, Cloud and hybrid environments.
  • Analyzing business impact and exposure based on emerging security threats, vulnerabilities, and risks and recommending solutions to mitigate them.
  • Analyzing vulnerability assessments and penetration tests using generally accepted tools, and recommending remediations.
  • Complying with Security by design by assisting with the development team in remediation of control deficiencies identified during the security risk assessment.
  • Participating in the Security Incident Response Team (SIRT) activities, helping SIRT to respond and recover from security incidents in a timely manner for ERP environments.

Requirements:

  • Software Development experience in Java, .NET, DevSecOps, Secure SDLC practices and Threat Modeling.
  • Experience with Application Security – Static Application Security Testing (SAST) ex. Fortify, Checkmarx, Dynamic Application Security Testing (DAST) ex. OWASP ZAP and Open Source Software Security (3rd party libraries) ex. Black Duck.
  • Experience in Application Logging & Monitoring and provide remediation solutions for the findings.
  • Cloud Security experience such as SaaS Solutions and experience with at least one of the following: Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
  • Experience in Vulnerability Management includes analyzing metrics and reports and proposing remediation plan and process changes.
  • Bachelor's degree or six or more years of work experience

Preferred:

  • Working experience in both Linux and Windows environments.
  • Knowledge of: Database Security ex. Guardium, Runtime Application Self-Protection (RASP), Splunk and Dashboard Development, Container Security ex. Twistlock Privacy and Data Protection
  • Web API & Mobile Application Security Testing – API, Micro Services.
  • CSSLP (ISC2) or CISSP (ISC2) or CASE (EC-Council).
  • CEH (EC-Council), CCSP (ISC2), CCSK (CSA), AWS Solutions Architect.
  • Work independently and report to the Lead/Manager.
  • Ability to communicate according to the audience – deep vs. higher level conversations.
  • Strong presentation skills and drive call for action.