• 3 years of relevant work experience
• Software development experience in a production environment
• A deep understanding of the application architecture
• A knack for finding flaws in software and the ability to efficiently communicate how to fix them
• Strong communication skills and experience working closely with a product team
• Doesn’t always default to industry norms when solving a problem
• An ability to think like an attacker to develop threat models
• Has designed and implemented mitigations for common classes of bugs
• Experience in:
• WAF
• Authentication (Identity management, MFA/2FA)
• Authorization (claims, RBAC, fine-grained, coarse-grained, XACML, OAuth, SAML)
• Web Services Security (WS-Security, OAuth, JWT)
• Static Source Code Review Tools (e.g. Fortify, AppScan Source, Contrast, etc.)
• Application Service Hardening (CIS, NSA/DOD STIGs)
• BA or BS in information security, engineering, computer science, or related areas. A Master’s degree in an IT field is a plus, and a Master’s in cybersecurity is an even bigger plus.
All IT benefits
• Work with our code
• Develop techniques to ensure development teams find flaws before they are introduced into production
• Be a security subject matter expert and respond to any security development question
• Work with development teams to design solutions that are inherently secure
• Correctly balance security risk and product advancement
• Lead software security initiatives
• Lead or participate in threat modeling discussions
• Perform code deep dives to uncover security vulnerabilities or design
• Document findings and architectural issues for consumption by development and other security teams
• Evaluate the security posture of existing applications
• Perform proactive research to detect new attack vectors and pentest internal and external apps