Key skills
JavaJavaScriptPHPPythonSDLCC#C++CGitHubCI/CDCommunicationCheckmarx
About this role
Role Overview
- Run client SAST/DAST/SCA tools, review outputs and provide recommendations
- Work with development teams to identify and remediate security vulnerabilities
- Provide security guidance during the software development lifecycle (SDLC)
- Identify, track, and prioritize security vulnerabilities
- Validate fixes and conduct retesting
- Implement and maintain application security tools and scanning solutions
- Create reports for technical and non-technical stakeholders
Requirements
- 2-3 years experience working in Application Security
- Understanding of Integrated Development Environment (IDE) and Continuous integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. GitHub, etc.)
- Strong working knowledge of Secure Development Lifecycles and experience remediating technical vulnerabilities identified by web application scanning tools, Information Systems architecture, security control design, and development experience
- Deep knowledge of manual testing tools such as Burp Suite Pro
- Knowledge of and experience with SAST/DAST/SCA Application Security tools. Invicti (DAST) or Checkmarx (SAST/SCA) experience highly preferred
- Experience with the integration of tools into development pipelines
- Understanding of a broad range of Application Security issues as well as their mitigation strategies
- Understanding of Application Security related vulnerabilities
- Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C# a plus
- Written communication skills for written interactions with clients
- Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information
- Personal drive and passion to not only continue growing yourself but also the Application Security Engineering practice
- Bachelor's degree in Computer Science or Information Security preferred
- Standard industry certifications are preferred.
Tech Stack
- Java
- JavaScript
- PHP
- Python
- SDLC
Benefits
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option