Job Summary:

• Improve enterprise security posture through close collaboration with teams to ensure the adoption of security best practices across the entire application lifecycle
• Implement policies in the AppSec tools suite in accordance with security best practices
• Conduct security reviews of application scan results
• Conduct security reviews Applications, USCYBECOM/JFHQ POAandMs
• Review and approve the application(s) for promotion to the production environment
• Provide recommendations for prioritization based upon existing controls
• Ensure authorized access for all AppSec tools and Track POAandM status
• Monitor and process AppSec ticket(s), such as but not limited to account management, application promotions to production, scan requests, inquiries, etc.
• Track, measure and evaluate application security compliance across the enterprise

Skills on Resume: 

• Security Collaboration (Soft Skills)
• Policy Implementation (Hard Skills)
• Security Review Expertise (Hard Skills)
• Application Approval (Hard Skills)
• Prioritization (Soft Skills)
• Access Management (Hard Skills)
• Ticket Management (Hard Skills)
• Compliance Tracking and Evaluation (Hard Skills)

Job Summary:

• Supports Enterprise Lead Security Architect direction and execution with the goal of improving overall application security.
• Provides training and expertise to various teams on specific relevant topics (for example OWASP Top 10 2017).
• Understands and assists in Layer 7 Firewall Rules.
• Assists in design and security of the Continuous Integration and Deployment (CICD) pipeline, automation and risk tolerance.
• Assists in providing consultation for the design, delivery and quality of secure data application and infrastructure solutions through risk management, guidance, education, and information security expertise for business areas
• Supports the enterprise by enabling secure solutions spanning applications, services, and vendor capabilities, platforms, offerings, and technical architectures
• Documents and escalates policy exceptions or compliance deviations for review and risk assessment
• Supports the information system owner in selecting security controls and provides control validation
• Assists in validating vulnerabilities identified by the Vulnerability program manager.

Skills on Resume: 

• Application Security Expertise (Hard Skills)
• Layer 7 Firewall Rules (Hard Skills)
• Continuous Integration and Deployment (CI/CD) Security (Hard Skills)
• Risk Management and Consultation (Hard Skills)
• Information Security Expertise (Hard Skills)
• Solution Enablement (Hard Skills)
• Policy Compliance (Soft Skills)
• Vulnerability Management (Hard Skills)

Job Summary:

• Perform security assessments against in-house developed applications and authorized third parties, as well as authorized 3rd party cloud providers
• Work with development teams to establish secure coding practices and to identify remediation strategies for application security issues
• Contribute to enterprise application architecture projects
• Development of scripts and/or automation to check for vulnerabilities in the deployment pipeline
• Track and report emerging threats in information security and work with the development teams to develop appropriate defenses
• Monitor and report advancements in IS technologies as well as changes in relevant regulatory standards
• Prepare and update security awareness and training materials
• Participate in information security incident response activities
• Research, identify, administer and support application security analysis tools
• Participate in the development project teams’ meetings such as, sprint planning, daily stand up, sprint review and retrospectives

Skills on Resume: 

• Application Security Assessment (Hard Skills)
• Secure Coding Practices (Soft Skills)
• Enterprise Application Architecture (Hard Skills)
• Scripting and Automation (Hard Skills)
• Threat Monitoring and Reporting (Soft Skills)
• Regulatory Compliance (Hard Skills)
• Security Awareness Training (Soft Skills)
• Incident Response (Hard Skills)

Job Summary:

• Be the main POC for all application security incidents, investigations, events and anomalies
• Advise the business on application software security and liaise with other team members in the creation of application security standards
• Proactively monitor, investigate and respond to information and cyber security related events or incidents in a timely manner
• Conduct first level of analysis for the data acquired and then produce actionable insight
• Alongside the firm's teams and its enterprise systems and processes, assess and process relevant actions and tuning of controls when given data and information in relation to the firm's information security
• Assess the gravity of security alerts and vulnerabilities and potential impacts on the business, advise the firm on recommended next steps and follow through with risk treatment and mitigation
• Responsible for roll out of internal penetration testing program, including planning, execution, and reporting.
• Perform application security vulnerability assessment and management.
• Research and implement tools and/or scripts to achieve a robust testing program.
• Work closely with software engineers to understand the security risk of different parts of the product.
• Work with software engineers to share knowledge around pen-testing process, and secure development best practices.
• Work inside Application Security team, and wider Eng/Product/Security teams to help increase the application security and the maturity of the security program.
• Continuously learn and increase skills in all aspects of web application security.

Skills on Resume: 

• Application Security Expertise (Hard Skills)
• Incident Response (Hard Skills)
• Security Advisory and Standards Development (Hard Skills)
• Monitoring and Analysis (Hard Skills)
• Risk Assessment and Mitigation (Hard Skills)
• Penetration Testing (Hard Skills)
• Vulnerability Assessment and Management (Hard Skills)
• Collaboration and Communication (Soft Skills)

Job Summary:

• Assist in protecting applications, data, and systems by reducing security risks in custom and third-party software applications.
• Has excellent understanding of application security weaknesses for various technologies including web applications, web services, mobile applications, multi-tier applications and databases.
• Strong knowledge of OWASP Top 10 and SANS TOP 25 vulnerabilities and remediation practices associated with each category.
• Expert at using manual technique and automated tools to analyze applications and source code to identify vulnerabilities, triage results, and provide mitigation plans for discovered risks.
• Use automated tools to perform application security test and analyze source code to identify vulnerabilities, triage results, and provide mitigation plans for discovered risks.
• Have strong understanding of the security risks of findings, including ability to describe attack methods, acceptable mitigations, and to describe how inadequate mitigation methods (such as blacklists) do not remove security risk.
• Handle complex issues that may get in the way of quickly and successfully completing the testing engagement.
• Inquiries from application teams for explanation or verification.
• Operationally be responsible for appropriately onboard/off board applications into security test tools to drive system and application security test. 
• Support the testing effort and contribute to the creation or improvement of the testing processes.

Skills on Resume: 

• Application Security Expertise (Hard Skills)
• Familiarity with OWASP Top 10 and SANS TOP 25 (Hard Skills)
• Manual and Automated Testing Proficiency (Hard Skills)
• Vulnerability Analysis Skills (Hard Skills)
• Problem Solving in Testing Engagements (Soft Skills)
• Communication and Explanation Skills (Soft Skills)
• Operational Responsibility (Soft Skills)
• Process Improvement (Soft Skills)

Job Summary:

• Enabling Application security testing and governance, static analysis (Cx), SCA (WhiteSource), Dynamic Analysis (NetSparker), – expertise, app team onboarding, guidance and training.
• Application security : assist teams with source code assessments, opens source risk management processes.
• Lead/Manage Penetration Testing Engagements.
• Identify and map out process automation opportunities, with focus on DevSecOps.
• Enabling automated security testing as part of delivery pipelines.
• Work as part of a full cycle team to deliver, manage and support Product Security solutions and tools.
• Responsible for roll out of internal penetration testing program, including planning, execution, and reporting.
• Perform application security vulnerability assessment and management.
• Research and implement tools and/or scripts to achieve a robust testing program.
• Work closely with software engineers to understand the security risk of different parts of the product.
• Work with software engineers to share knowledge around pen-testing process, and secure development best practices.
• Work inside Application Security team, and wider Eng/Product/Security teams to help increase the application security and the maturity of the security program.
• Continuously learn and increase skills in all aspects of web application security.

Skills on Resume: 

• Expertise in Application Security Testing and Governance (Hard Skills)
• Team Onboarding and Training (Soft Skills)
• Penetration Testing Leadership (Hard Skills)
• Process Automation (Hard Skills)
• Product Security Solutions Delivery (Hard Skills)
• Internal Penetration Testing Program Management (Hard Skills)
• Vulnerability Assessment and Management (Hard Skills)
• Scripting and Tool Implementation (Hard Skills)

Job Summary:

• Define and implement security best practices in the areas of application development, infrastructure/network configuration, and database management
• Implement tools, technologies and processes that enhance Secure SDLC
• Implement security checks/scans in CI/CD pipeline
• Analyze application security risks and vulnerabilities, provide guidance and assist with remediation
• Participate in requirements planning for new products and features
• Train development teams on tools, techniques and best practices
• Stay current with industry trends and source new ways to improve application and system security
• Help the team improve and implement certain processes such as Automation, AI/ML and DevSecOps to streamline the security testing process, reduce testing timelines and deliver better results for our clients. 
• Performing penetration testing activities for our ongoing projects, as well as, upcoming test engagements.
• Assess and Analyze Web Applications, Mobile Applications, API and Cloud Based Systems
• Assist in the development and integration of security automation, DevSecOps and AI/ML Initiatives.
• Assist in streamlining the security testing process from beginning to end.
• Bring new ideas (testing methodologies, automation processes, engagement processes, monitoring/tracking systems, testing tools).

Skills on Resume: 

• Security Best Practices Implementation (Hard Skills)
• Secure Software Development Life Cycle (SDLC) (Hard Skills)
• Continuous Integration/Continuous Deployment (CI/CD) Security (Hard Skills)
• Risk Analysis and Remediation (Hard Skills)
• Requirements Planning and Training (Hard Skills)
• Stay Current with Industry Trends (Hard Skills)
• Process Improvement and Implementation (Hard Skills)
• Penetration Testing and Assessment (Hard Skills)

Job Summary:

• Support Application Development teams with results from scans through reviewing findings with Application Teams and document and tracking security findings through remediation.
• Drive security efficiencies through automaton, enabling security team members to work on more advanced tasks.
• Support Application Development teams with results from scans through reviewing findings with Application Teams and document and tracking security findings through remediation.
• Train developers and junior application security engineers on weaknesses to avoid.
• Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing. 
• Use security standards and implementation configurations, as well as common security frameworks to improve the program.
• Focus on application security that observes compliance –Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws.
• Perform technical analysis of security logs to identify potential security threats before and after occur and establish baseline security models
• Perform regular vulnerability testing of systems, databases, and applications.
• Work with IT Infrastructure team to ensure that new devices are properly monitored, registered and reporting to NOC/SOC.
• Ability to monitor configuration, deployment, and integration of security technologies associated with web applications. This includes web application firewalls, dynamic and static analysis applications and services, and occasional code review.
• Maintain Infosec procedures and report on deployed devices according to the standard build
• Assist in monitoring the configuration, deployment, and integration of enterprise network technologies such as access control, routers, switches, load balancers, firewall, logging, and WIFI.
• Monitoring security tools such as IPS, SIEM, packet analysis, and WAF.
• Maintain adequate compliance documentation presentable for external and internal audits

Skills on Resume: 

• Application Security Knowledge (Hard Skills)
• Automation Skills (Hard Skills)
• Training and Mentorship Abilities (Soft Skills)
• Continuous Learning and Research (Soft Skills)
• Regulatory Compliance Knowledge (Hard Skills)
• Technical Analysis Skills (Hard Skills)
• Integration and Deployment Expertise (Hard Skills)
• Documentation and Reporting (Hard Skills)

Job Summary:

• Use technical writing and effective communication to prepare and deliver presentations to all levels of audiences (peers and or leadership).
• Exhibit critical thinking, ability to tackle complex problems, peer review teams work for accuracy and areas of improvement.
• Apply critical thinking to the configuration and use of tools for automation and manual techniques for the purpose of easing the integration of Secure Application Design and Development over the Secure Software Development Lifecycle.
• Demonstrate thorough knowledge of, Information Security concepts, principles and standards and application in a large enterprise environment
• Support and coordination of Information Security Governance in an enterprise environment.
• Ability to identify requirements from our customers, stakeholders and leaders alike and practice effective collaboration with all levels of stakeholders and project resources.
• Responsible for protecting the confidentiality and integrity of the organization's information assets.
• Responsible for monitoring networks for security events and alerts to potential/active threats, intrusions, and/or indicators of compromise through advanced analysis and threat hunting.
• Review the Incident Response Program for potential modifications and provide recommendations for enhancements and/or process improvements.
• Perform advanced threat-hunting techniques for threats that can not be identified using existing automated security tools.
• Investigate and analyze internal and external adversaries and indicators of compromise.
• Proactively identify indicators of compromise and generate and execute an Incident Response Plan upon detection.
• Utilize cyber security analysis to generate security incident reports and document findings.

Skills on Resume: 

• Technical Writing and Effective Communication (Soft Skills)
• Critical Thinking and Problem-Solving (Hard Skills)
• Configuration and Use of Tools (Hard Skills)
• Knowledge of Information Security Concepts (Hard Skills)
• Information Security Governance (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Incident Response and Threat Monitoring (Hard Skills)
• Cybersecurity Analysis and Reporting (Hard Skills)

Job Summary:

• Identify SAST tools/frameworks that can be implemented within MPI’s ecosystem, in accordance with the already completed Gap Analysis, and known Nova End-of-Life schedule
• Analyzes current Software Lifecycle activities within DevOps tool
• Participates in any RFP activities related to acquiring new software and/or tools
• Installs selected vendor software and evaluates new packages.
• Prepares or assists with feasibility studies (cost benefit analysis or business case), requirement definitions, project plans and estimates, implementation designs, systems and programs specifications, and systems and client documentation.
• Defines testing requirements and provides status reports
• Leads team in the selection of the appropriate SAST toolset Provides both technical and general direction to project staff.
• Conducts regular meetings with Apsrv Management and Leadership on the status of the project
• Utilizes MPI project management tools to monitor and review project personnel and activities.
• Develops procedures for the work processes related to the SAST initiative
• Develops programs/applications using provided design and analysis documents in accordance with established criteria and standards.
• Evaluates, modifies, and tests existing DevOps platform in the context of SAST.
• Prepares operational documentation for the development teams that will use the SAST tools
• Coordinates change and implementation activities in accordance with established criteria and standards.

.

Skills on Resume:

• Expertise in SAST Tools/Frameworks (Hard Skills)
• DevOps Lifecycle Analysis (Hard Skills)
• RFP Participation (Hard Skills)
• Software Installation and Evaluation (Hard Skills)
• Project Management and Documentation (Hard Skills)
• Testing and Reporting (Hard Skills)
• Leadership and Direction (Soft Skills)
• Change Management and Implementation (Soft Skills)