Senior Cloud Engineer - GA at Horizontal Talent in Atlanta, Georgia

Job Description:

Required

• B.S. degree in Computer Science, Computer Engineering, Information Assurance or related field


• Minimum 5+ years of professional experience in application security, penetration testing, security assessment, secure software development or related field


• Extensive knowledge with dynamic scanners like Palo Alto Prisma or VeraCode.


• Extensive knowledge of the OWASP Top 10


• Experience with vulnerability risk and impact assessment


• Experience integrating security capabilities in cloud and application lifecycle management platforms especially in a DevOps model


• Extensive knowledge of the secure development lifecycle


• Extensive knowledge with static analysis tools and flaw triage such as HP Fortify, IBM Rational, Veracode or Coverity, FindBugs, FindSecurityBugs, Brakeman and Open Source scanning tools such as Sonatype CLM


• Extensive knowledge with vulnerability scanners like Qualys and Tenable


• Excellent written and verbal communication skills


• Strong sense of urgency and ownership

• Extensive experience in application security and ethical hacking


• Extensive experience exploiting web, mobile and application security vulnerabilities


• Extensive experience in software development


• Extensive experience integrating secure coding techniques with product teams


• Professional certifications such as CISSP, CISM, OSCP and CEH

• Identify weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive and confidential company information and data


• Conduct Static Application Security Test (SAST) and Dynamic Application Security Test (DAST) using VeraCode


• Work within the DevSecOps model to secure Containers, withing ROSA, Tekton and OpenShift pipelines


• Possess a knowledge of CI/CD orchestration tools such as Jenkins, Tekton, GitLab, or Bamboo.


• Provide operational support for container security tools (Palo Alto Prisma, Aqua, or equivalent)


• Perform Baseline Image validation of new container template images.


• Perform Vulnerability scans on container environments. Develop, test, and maintain containerized applications security


• Troubleshoot any connectivity or operational issues.


• Ensure security requirements are implemented within various stages of the system development lifecycle process; work closely with development teams to pen test new features within internally developed applications


• Apply software development skills (e.g., Java, C#.NET, JavaScript) to recommend secure coding practices


• Validate and address vulnerability / threat findings from static and dynamic analysis tools


• Characterizes threats and provides recommendations for remediation; manages remediation efforts to completion


• Develops and presents finding and remediation reports to audiences including team members from all department areas and levels of the company


• Perform security reviews of software designs and assist developers to ensure quality and robustness of our internal products


• Conduct security assessments against web applications and APIs across a variety of technology stacks


• Ensure adequate security requirements and privacy by design are built into all architecture/infrastructure/projects
  • Integrating
  
  
  • threat
  
  
  • modeling
  
  
  • practices
  
  
  • into
  
  
  • the
  
  
  • application testing
  
  
  • lifecycle
  
  


• Impart application security and ethical hacking subject matter expertise into team processes


• Drive improvements in the security testing practice to include execution methodology and metrics


• Partner effectively with development and infrastructure teams to integrate security


• Drive awareness and knowledge of security in developers


• Effectively communicate technical issues to non-technical leaders


• Continually improve proficiency in application and API exploitation, tools, techniques, and countermeasures