Sr. Application Security/Cyber Security Engineer-Henderson NV - Georgia IT Inc.
Henderson, NV
About the Job
Title : Sr. Application Security/Cyber Security Engineer
Location : Henderson NV
Duration : Contract (6+ months)
Rate : DOE
US Citizen, Green Card, TN, GC EAD and H4 EAD only No Third-party agencies corp to corp.
Job Description:
Location : Henderson NV
Duration : Contract (6+ months)
Rate : DOE
US Citizen, Green Card, TN, GC EAD and H4 EAD only No Third-party agencies corp to corp.
Job Description:
- Develop approaches to address the implementation of software and OT security solutions
- Consult development teams on security requirements and utilize common components to meet them and documenting of a secure software development lifecycle
- Be able to scope and participate in hardware and software penetration tests, vulnerability identification, and vulnerability risk assessment
- Create and track meaningful metrics around product cyber-risk and compensating controls
- Create vulnerability and incident trend analysis to improve product design
- Perform end-to-end application security reviews to ensure data, system components, and communication channels are appropriately protected
- Maintain cyber service catalog and conduct proactive vulnerability monitoring and assessment on cyber components
- Engage and administer End-of-Life processes for digital products
- Engage in application and domain-specific threat modeling and attack surface analysis/reduction
- Help prepare reports at appropriate levels of confidentiality for stakeholders to view
- Provides guidance on automated testing tools and techniques
- Maintain documentation of design patterns/recipes for common security requirements
- Architect, design, implement, support, and evaluate security focused tools
- Perform other security functions or tasks as directed.
- Experience with secure coding principles; code signing and secure boot
- Experience with penetration testing and ethical hacking
- Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
- Proficiency in creating dataflow diagrams, network diagrams, and other application related design documents
- Proven experience in security code review and code analysis
- Must be fully proficient in, and able to instruct others, on the OWASP Top 10
- Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
- Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
- Experience in securing cloud infrastructure such as AWS, Azure and alike (i.e., inspection, logging, WAF, VM)
- Minimum of 1 year of experience with secure development life-cycles
Source : Georgia IT Inc.