The Application Security Consultant will conduct source code scans and penetration tests to detect vulnerabilities in the web and mobile apps developed at the Bank. The Consultant will also collaborate with developers on architecture and code reviews to prevent additional security vulnerabilities.
You will need enterprise-grade coding skills to advise development teams on how to remediate security vulnerabilities, as well as good communication skills to convey to senior management the risk the vulnerabilities present. As a hybrid assessor, you will develop your skillset in both static code scanning and dynamic pen testing.
Core responsibilities include:
• Conducting code scans and pen tests of web / mobile apps
• Building Threat Models and coding secure proof-of-concepts
• Collaborating with application security engineers to configure and tune scanners
Core languages under analysis include Java and .NET (web) and Android and iOS (mobile).
• BS/MS in Computer Science (or relevant work experience as an enterprise developer)
• 3+ years enterprise development experience in Java and/or .NET language(s)
• Knowledge of network and Web related protocols/technologies
• Understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
• Excellent written and oral communication skills
• Experience on Android / iOS mobile platforms
• Experience using web application vulnerability scanning tools (e.g., Checkmarx, Burp Suite)
• Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
• Familiarity with vulnerabilities and attack methods (e.g., Remote Code Execution, Cross-Site Scripting, Code Injection) and how to identify, trace and remediate them
• One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
Experience as a developer and / or architect at a Financial Institution is a plus.
Shift: 1st shift (United States of America)
Hours Per Week: 40