• Work with the security team to ensure the security of in-house developed applications and COTS systems
• Perform analysis, investigation, and remediation of applications and systems partnering with vendors
• Work with the security team to ensure superior OS hardening and other security configuration best practices.
• Provide security assistance to the security and infrastructure team on projects and system architecture.
• Perform behavioral analysis and review of application logs, alerts, and other security information in order to detect potentially malicious events.
• Provide expertise for secure application development practices
• Manage InfoSec development, testing and QA functions to ensure that projects are securely delivered and fulfill security requirements
• Evaluate, test, and recommend new application and coding security techniques and strategies
• Evaluate and recommend new and emerging security products and technologies
• Oversee the code vulnerability scans and applications patching process, to ensure that SLAs around time to remediation are being met.
• Review vendor or third-party security processes.
• Review and recommend Cloud and SaaS solutions from an API security perspective.

Skills: Application Security Expertise, Security Analysis and Investigation, OS Hardening and Security Configuration, Security Consultation and Project Support, Behavioral Analysis and Log Review, Secure Application Development, InfoSec Development Management, Evaluation of Security Technologies

• Identify security issues and risks, and develop mitigation plans
• Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
• Develop and interpret security policies and procedures
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Evaluate and recommend new and emerging security products and technologies
• Participate in tier 2 and tier 3 security operations support, incident handling
• Participate in projects that develop new intellectual property.
• Interact with some of the best developers in the country and work with them to translate security best practices in actions through the whole SDLC
• Investigate weak points within applications' design and architecture. 
• Reverse engineer the full process to find their weaknesses and provide mitigations.
• Design and maintain integration of security tools with existing reporting platforms (e.g. ServiceNow, Power BI) using native integrations or through custom API connectors

Skills: Risk Assessment and Mitigation Planning, Security Tool Architecture and Implementation, Security Policy Development, Training and Awareness, Technology Evaluation and Recommendation, Incident Handling and Security Operations, Intellectual Property Development, Collaboration and Communication

• Monitor and analyze security alerts/logs and information and escalate.
• Conduct penetration tests and vulnerability assessments
• Write secure configuration guidelines for security devices and tools
• Analyze, respond to, and lead security incidents and breaches
• Research and recommend IT Security solutions.
• Manage 3rd-party security assessments 
• Respond to RFPs and customer questionnaires
• Produce security reports pertaining to vulnerability metrics found in testing efforts 
• Report on the status of remediation work related to the implementation, change, retirement or upgrade of IT Security and DR controls and processes
• Advocate security and secure practices throughout Hart products
• Strong experience in application-level vulnerability testing and code-level security auditing
• Identify Memory leaks, Buffer-overflows, especially misallocation of the heap

Skills: Security Monitoring and Analysis, Penetration Testing and Vulnerability Assessment, Secure Configuration Guidelines, Incident Response Leadership, IT Security Solution Research, Third-Party Security Assessment Management, RFP Response and Customer Questionnaires, Security Reporting and Metrics

• Analyze threats and vulnerabilities to determine security impact
• Assess the security of core platform infrastructure
• Build technologies to detect and prevent security vulnerabilities
• Help development teams build security into the Workday platform by performing threat modeling, architecture reviews and code reviews
• Impact the product design by providing secure design patterns
• Provide recommendations for hardening applications and environments
• Perform Web Application penetration testing
• Perform Vulnerability and risk assessments, penetration tests, and educate developers on how to build more secure software
• Leverage automation and build tools that will allow performing security at scale
• Integrate security controls into Azure DevOps and automate the execution and reporting.

Skills: Threat and Vulnerability Analysis, Platform Infrastructure Security, Security Technology Development, Security Integration into Development, Secure Design Patterns, Application Hardening Recommendations, Penetration Testing, Automation and Tool Development

• Verify and assess the security of third-party vendors
• Engineering designs for new software solutions to help mitigate vulnerabilities
• Improvement of software development life cycle
• Improvement of software development pipelines security
• Analyse and investigate security incidents and bug bounty reports
• Performing web security testing/pen testing, vulnerability assessments and code review
• Development and automation of internal security tools Performing threat modeling.
• Write Python, Go, Rust, or Node.js to automate security procedures
• Perform technical security assessments, code audits and design reviews side by side with engineering teams 
• Understanding of Multiple Programming languages like: C++, Java, Javascript, etc.
• Develop technical solutions to help mitigate security vulnerabilities by helping build upon existing automation

Skills: Third-Party Vendor Security Assessment, Software Engineering for Security Solutions, Software Development Life Cycle Improvement, Software Development Pipeline Security Enhancement, Security Incident Analysis and Investigation, Web Security Testing and Penetration Testing, Automation of Security Procedures, Technical Security Assessments and Code Audits

• Understanding of Software Development 
• Strong Security Background, penetration Testing 
• Creative ability to find vulnerabilities
• Experience with vulnerability and application scanning tools.
• Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
• Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar.
• Experience with static analysis tools (e.g., HP Fortify, Coverity, Checkmarx) and knowledge of OWASP tools and methodologies.
• Experience with Cloud Service Providers (Azure and/or AWS)
• Security certifications, such as CISSP, CEH, OSCP, CISA, are desirable.
• Communication skills to create documentation, videos and conduct training classes.
• Evaluate and implement tools/frameworks/services supporting secure software delivery and monitoring
• Verify security vulnerabilities identified by automated tools and configure tools to reduce noise

Qualifications: BS in Computer Science with 4 years of Experience

• Develop threat models with development teams to help expose risks in their deliverables
• Participate in application design and architectural reviews
• Train and mentor development teams on secure coding practices via regular code reviews, pair programming, and training exercises/presentations
• Facilitate activities such as blue/red team events and bug bounty programs
• Lead prioritization discussions to gain traction on important security issues
• Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation
• Draft, evaluate, and monitor compliance with application and development security standards
• Ensures teams are validating for OWASP and performing industry leading application security practices.
• Application security experience, application development experience.
• Experience with SAST and DAST application scanning tools and knowledge of OWASP tools and methodologies
• Knowledge of APIs and best practices for testing and securing
• Knowledge of Bug Bounty programs and integration into SDLC

Qualifications: BS in Cybersecurity with 3 years of Experience

• Knowledge of Web Application Firewalls (WAF)
• Application security experience with high level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
• Exposure to container technologies - Docker, Docker Swarm, Kubernetes
• Strong scripting experience - PowerShell, Python, etc.
• Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
• Experience with Cloud Service Providers (Azure and/or AWS)
• In-depth understanding of CI/CD processes and tooling around it.
• Communication skills to create documentation, videos and conduct training classes
• Ability to manage multiple tasks simultaneously and meet established deadlines.
• Ability to collaborate with IT teams on security-related tasks and projects.
• Ability to work productively while remote and communicate effectively in a virtual team environment.
• Ability to stay current with new technology, and strong analytical skills.

Qualifications: BA in Information Systems with 2 years of Experience

• Have web app development/programming background in Java or any other Object-Oriented Programming language - code-savvy: able to do code reviews, analysis, etc.
• Have security champions, be a big-picture thinker.
• Have consulting mindset, help identify gaps to get teams to become more security-minded
• Drives application security under a large tech program with multiple projects and nationwide facing applications involved
• Performs secure coding analysis and reviews
• Equipping teams with the skills and tools to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. 
• Embedding into engineering engagements and team SDLC activities over multiple sprints 
• Identify and prioritize security requirements deficiencies via threat modeling
• Designs practical strategies to fully satisfy or partially compensate the associated risks of the identified threats
• Assists teams in incorporating security best practices into their sprint activities
• Educates stakeholders in the engineering team to be able to perform the above activities
• Architects and develops engineering tools to solve common security engineering problems that development teams are facing.

Qualifications: BS in Software Engineering with 5 years of Experience

• Developing production JavaScript code and strong knowledge of React.JS
• Understanding of state-management patterns such as Redux, Flux or similar, and experience of responsive websites.
• Understanding of the different types of security vulnerabilities.
• Clear thinking, excellent analysis, and problem-solving skills, good learning ability, and team player mentality.
• Strong communication skills, stress resistance, and a keen interest in research.
• Have excellent communication and ability to use layman’s terms.
• Vulnerability scanning tools and methods, such as Nexpose, Nessus, etc.
• Common application attack methods, and associated preventions/defenses
• Knowledge/experience around applications development/deployment on cloud in different models – public, private, hybrid

Qualifications: BS in Information Security with 1.5 years of Experience