Application Security Specialist

TalentOla View all jobs
Irvington, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Irvington, United States of America

Tech stack

Amazon Web Services (AWS)
Software System Penetration Testing
Confluence
JIRA
Azure
Burp Suite
Static Program Analysis
Computer Security
Continuous Integration
DevOps
Github
Intrusion Detection Systems
Virtual Private Networks (VPN)
Network Security
Scrum
Systems Development Life Cycle
Power BI
Secure Coding
SonarQube
Software Vulnerability Management
Webinspect
Grafana
Software Security
Veracode
Firewalls (Computer Science)
GWAPT
Kubernetes
Patch Management
Nessus
Appscan
Terraform
Splunk
Devsecops
Jenkins
ServiceNow
Static Application Security Testing
Dynamic Application Security Testing

Job description

Job Description: Look for someone who has Application Security experience, has worked closely with software developers, conducted threat modeling and secure coding activities, integrated security tools into CI/CD pipelines, and ideally built or led a Security Champions Program or Community of Practice. Leadership, enablement, training, and influencing engineering teams are more important than deep penetration testing or network security experience. Here are some key points that can help you spot a difference between a good candidate for this role: Must-Have Experience Areas You can confirm the candidate has experience in at least 4 5 areas of these: Area Required Application Security Yes Threat Modeling Yes Secure Coding Yes Developer Coaching Yes Security Testing Tools Yes CI/CD Security Yes Security Governance Preferred Security Champion Program Strongly Preferred Compliance Reporting Preferred Metrics & Dashboards Preferred

  1. Must-Have Resume Keywords A strong resume should contain several of these terms: Application Security Application Security (AppSec) Secure SDLC (SSDLC) Secure Development Lifecycle DevSecOps Secure Design Secure Coding Security Architecture Security Review Threat Modeling & Developer Coaching Threat Modeling STRIDE Security Champions Developer Enablement Security Training Secure Coding Training Security Awareness Coaching Developers Security Workshops CI/CD & Automation CI/CD Security DevSecOps Security Gates Pipeline Security Compliance Automation Security Controls Continuous Security Testing Security Testing Tools SAST DAST SCA Static Analysis Dynamic Testing Software Composition Analysis Vulnerability Management Governance & Metrics Security Metrics KPIs Dashboards Compliance Reporting Risk Management Risk Register Governance Security Controls Collaboration Cross-Functional Leadership Stakeholder Management Program Management Change Management Community of Practice (CoP) Security Champion Program

  2. Tools That Should Appear on Resume Look for at least some of these: SAST Checkmarx Veracode Fortify SonarQube Coverity DAST Burp Suite AppScan WebInspect SCA Black Duck Snyk Mend (WhiteSource) CI/CD Jenkins GitHub Actions GitLab CI/CD Azure DevOps Dashboards Power BI Grafana Splunk Collaboration ServiceNow Confluence Jira Microsoft Teams

  3. High-Value Phrases These are the phrases that should immediately catch a your attention: "Built Security Champion Program" "Led Application Security Community of Practice" "Coached development teams on secure coding" "Conducted threat modeling sessions" "Integrated security controls into CI/CD pipelines" "Established AppSec KPIs and dashboards" "Drove security adoption across engineering teams" "Partnered with application owners to remediate vulnerabilities" "Performed secure code reviews" "Developed AppSec training curriculum" "Enabled security adoption across multiple business units" "Acted as liaison between development and security teams"

  4. Red Flags (Reject or Lower Priority) Pure Infrastructure Security Resume focused mainly on:

  • Firewalls
  • Network Security
  • VPN
  • IDS/IPS
  • SOC Operations

Not a fit. Pure Vulnerability Management Only:

  • Nessus scans
  • Patch management
  • Server vulnerability remediation

Not enough AppSec depth. Pure Penetration Tester Only:

  • Ethical hacking
  • Red teaming
  • Bug bounty

May lack program leadership and developer enablement. Pure DevOps Engineer Only:

  • Kubernetes
  • Terraform
  • AWS deployment

Requirements

Need AppSec ownership and security leadership.

  1. Certifications to Prioritize Strong:
  • CSSLP
  • CISSP
  • CRISC

Good:

  • GWAPT
  • GWEB
  • CASE
  • Security+

Nice to Have:

  • Scrum Master
  • SAFe
  • PMP

Apply for this position