Listing Description
• Designing security features and security solutions for a wide range of ICANN services
• Collaborating with business unit managers to conduct application security risk assessments
• Managing penetration tests and security reviews for core applications and APIs
• Managing and refining manual and automated application security testing processes
• Developing custom tools to test, monitor and enforce security across our applications
• Researching security vulnerability disclosures and designing appropriate mitigations
• Working with the Ops Team to identify server-side vulnerabilities to facilitate patch management
• Overseeing deployment of App Sec training for development and Q/A teams
• Working within Agile Dev Teams to create application-specific Evil User Stories
• Developing and documenting corporate application security policies
• Developing and managing application framework and library roadmaps
• Developing and overseeing vendor contract requirements / SLAs / POCs
• Coordination with Ops and Dev Teams on DB and application hardening, standardization of server images / containerization
• Experience in coding applications and secure coding practices
• Excellent ability to build relationships with developers, business managers and IT engineers
• Ability to build and manage a team of technical application security architects and engineers
• Passionate about security and protecting data and services provided to our community
• Knowledge of all aspects of secure development lifecycle, threat modeling, and web application security assessments
• Knowledge and experience with both automated tools and manual techniques used to identify web application and web service vulnerabilities and attack methods including the OWASP Top 10
• Strong multi-tasking abilities with attention to detail and the ability to dive deeply into issues
• Bachelor's degree in Computer Science, Information Technology, or related field, with 12 years of related experience or a Master’s degree with 10 years of related experience
• Have excellent verbal and written communication skills and strong command of the English language
• Be capable of carrying out complex tasks and projects to completion, with minimal supervision
• Be capable of interpreting project and task requirements and selecting appropriate methodologies to fulfill them
• Experience implementing application security frameworks such as SAMM or BSIMM
• Knowledge of common web app and web services vulnerabilities (OWASP Top 10)
• Experience with vulnerability scanning, penetration testing and risk assessments
• Relevant professional certifications from industry organizations such as GIAC, ISC2, ISACA desired
• Flexibility and interpersonal skills coupled with IT security background strongly preferred
• Experience implementing and working with defect trackers such as ThreadFix, Defect Dojo desired
Listing Details
- Citizenship: US Citizen
- Incentives: Bonus
- Education: No Requirements
- Travel: Travel 25
- Telework: Optional Telecommute