Lead Application Security Engineer

The Consortium Inc
Rockville, MD
May 22, 2019
May 24, 2019
Full Time
The Lead Security Engineer will be able to establish themselves as a subject matter expert (SME) in Application Security, while working collaboratively with application and testing teams early in the SDLC to establish security requirements through threat modeling and research activities.

Essential Job Functions

- Help educate application stakeholders to understand relevant security issues, including practical strategies for fully mitigating or partially compensating the associated risks
- Provide an embedded security SME experience to the application community
- Lead the identification and prioritization of security requirement deficiencies, and the architecture and design of security controls
- Develop and implement strategies to promote the consistent use of security controls across the enterprise
- Take appropriate action to resolve security discrepancies
- Participate in the identification, evaluation, and recommendation of new security technologies, techniques, and tools
- Participate in defining, reviewing, and promoting information security policies, standards, guidelines, and procedures
- Participate in internal process improvement initiatives. Provide feedback on processes by offering suggestions.
- Mentor junior staff
- Provide backup coverage for next level management, as appropriate
- Assist with adherence to relevant technology policies, standards, and guidelines
- Ensure all work products meet/exceed standards

Desirable Experience

- Knowledgeable in how to identify and test common AppSec issues and countermeasures
- Hands-on experience with and an understanding of the pros/cons of common industry threat modeling methodologies, e.g. freeform diagrammatic approaches such as Data and/or Process Flow Diagrams vs. questionnaire-based approaches such as Practical Threat Analysis (PTA)
- Experience with existing Application Security Risk Threat Modeling (ASRTM) solutions, such as Security Compass SD Elements (SDE), MyAppSecurity ThreatModeler, or IriusRisk
- Understanding of common industry security categorization schemes, such as STRIDE
- Understanding of common industry risk ranking models, such as DREAD, CVSS, OWASP Risk Rating Methodology, and how each is most effectively used
- Building and delivering training content (Brown Bags, ) to Developers, Testers and other security professionals
- Knowledge and experience with Amazon Web Services (AWS) security models and configuration
- Development experience is a plus

For consideration, please submit your resume as a MS Word attachment to careers@consortiuminc.com

The Consortium
"Combining Talent with Technology"
www.consortiuminc.com
