Duration: Direct Hire/Permanent
Compensation: up to $160k base/yr + up to 20% bonus + Stock + Benefits
Location: Dallas, TX or Basking Ridge, NJ or Tampa, FL or REMOTE for right candidate
***U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time.***
The Security & Risk Management Principal is responsible for Application Security for Corporate Systems, including Enterprise Vulnerability Management, Cloud Security, and Risk Analysis.
- Leading Enterprise Vulnerability Management for corporate systems, including source code scans, dynamic application scans, open source code scans, IP scans, and vulnerability remediation.
- Managing adaptive security, including Runtime Application Self-Protection (RASP), logging and monitoring, and database security.
- Aligning with Enterprise InfoSec leads for risk assessment of applications including ERP, SaaS and Cloud native solutions.
- Coordinating with a broad cross-section of project teams to explain and enforce security measures.
- Aligning with system integration leads to review architecture and security measures and recommend enhancements.
- Reviewing various security protocols, data encryption, authentication, authorization for ERP landscape.
- As part of AppSec management, building the strategy for protecting data at rest and in transit across on-prem, cloud, and hybrid environments.
- Analyzing business impact and exposure based on emerging security threats, vulnerabilities, and risks and recommending solutions to mitigate them.
- Analyzing vulnerability assessments and penetration tests using generally accepted tools, and recommending remediations.
- Supporting security by design by assisting the development team with remediation of control deficiencies identified during security risk assessments.
- Participating in the Security Incident Response Team (SIRT) activities, helping SIRT to respond and recover from security incidents in a timely manner for ERP environments.
- Software development experience in Java and .NET, plus DevSecOps, Secure SDLC practices, and threat modeling.
- Experience with Application Security: Static Application Security Testing (SAST), e.g. Fortify or Checkmarx; Dynamic Application Security Testing (DAST), e.g. OWASP ZAP; and Open Source Software Security (third-party libraries), e.g. Black Duck.
- Experience in application logging and monitoring, and providing remediation solutions for findings.
- Cloud security experience, such as SaaS solutions, and experience with at least one of the following: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
- Experience in vulnerability management, including analyzing metrics and reports and proposing remediation plans and process changes.
- Bachelor's degree or six or more years of work experience.
- Working experience in both Linux and Windows environments.
- Knowledge of: database security (e.g. Guardium), Runtime Application Self-Protection (RASP), Splunk and dashboard development, container security (e.g. Twistlock), and privacy and data protection.
- Web API and mobile application security testing, including APIs and microservices.
- CSSLP (ISC2) or CISSP (ISC2) or CASE (EC-Council).
- CEH (EC-Council), CCSP (ISC2), CCSK (CSA), AWS Solutions Architect.
- Ability to work independently and report to the Lead/Manager.
- Ability to communicate according to the audience – deep vs. higher level conversations.
- Strong presentation skills and the ability to drive calls to action.