Listing Description
Key Responsibilities:
Close interaction with ICANN project managers and product managers to implement goals of the enterprise application security program
Designing security features and security solutions for a wide range of ICANN services
Collaborating with business unit managers to conduct application security risk assessments
Managing penetration tests and security reviews for core applications and APIs
Managing and refining manual and automated application security testing processes
Developing custom tools to test, monitor and enforce security across our applications
Researching security vulnerability disclosures and designing appropriate mitigations
Working with the Ops Team to identify server-side vulnerabilities to facilitate patch management
Overseeing deployment of App Sec training for development and Q/A teams
Working within Agile Dev Teams to create application-specific Evil User Stories
Developing and documenting corporate application security policies
Developing and managing application framework and library roadmaps
Developing and overseeing vendor contract requirements / SLAs / POCs
Coordination with Ops and Dev Teams on DB and application hardening, standardization of server images / containerization
Experience with providing project management for application security projects.
Experience in coding applications and secure coding practices
Excellent ability to build relationships with developers, business managers and IT engineers
Ability to build and manage a team of technical application security architects and engineers
Passionate about security and protecting data and services provided to our community
Knowledge of all aspects of secure development lifecycle, threat modeling, and web application security assessments
Knowledge and experience with both automated tools and manual techniques used to identify web application and web service vulnerabilities and attack methods including the OWASP Top 10.
Strong multi-tasking abilities with attention to detail and the ability to dive deeply into issues
Bachelor's degree in Computer Science, Information Technology, or related field, with 12 years of related experience or a Master’s degree with 10 years of related experience.
Have excellent verbal and written communication skills and strong command of the English language
Be capable of carrying out complex tasks and projects to completion, with minimal supervision
Be capable of interpreting project and task requirements and selecting appropriate methodologies to fulfill them
Experience implementing application security frameworks such as SAMM or BSIMM
Knowledge of common web app and web services vulnerabilities (OWASP Top 10)
Experience with vulnerability scanning, penetration testing and risk assessments
Relevant professional certifications from industry organizations such as GIAC, ISC2, ISACA desired
Flexibility and interpersonal skills coupled with IT security background strongly preferred
Experience implementing and working with defect trackers such as ThreadFix, Defect Dojo desired
Listing Details
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: No Telecommute