Title: Information Security Applications Code Assessor
Full time – salaried position
Waterleaf International, an engineering, construction and science-based defense and telecom contractor, is seeking a qualified Systems Admin to join our growing team. You will be the one to ensure that adequate IT infrastructure is in place and is used to its maximum capabilities. As a System Admin you must be well-versed in all computer systems and all levels of network functions. The ideal candidate will be able to work diligently and accurately and will possess a great problem-solving ability in order to fix issues and ensure functionality. The goal is to install and maintain high quality networks and computer systems.
Tasks and Duties
· Performs detailed source code reviews of both new and existing applications.
· Performs application security assessments.
· Develops application security standards and policy documentation.
· Performs automated and manual run-time assessments.
· Performs automated and manual code review and threat modeling.
· Performs Secure Development Lifecycle (SDL) process assessments.
· Educates developers on proper secure coding practices.
· Provides and/or organizes appropriate application security training and awareness for technical and non-technical staff.
· Acts as security applications subject matter expert (SME), providing consulting solutions and support to Application Development teams.
· Actively manages the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately.
· Works closely with development teams to remediate application vulnerabilities detected through security scanning tools.
· Liaises with relevant stakeholders within the Technology groups and business units to ensure security awareness and issues are communicated effectively.
· Carries out risk assessments and/or threat modeling to articulate the levels and types of security controls appropriate to application/product initiatives.
· Researches, initiates and drives the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced.
7+ years of experience with the following:
· Detection, exploitation, and prevention of software vulnerabilities (e.g., SQL Injection, XSS, buffer overflows) as well as emerging platform vulnerabilities (e.g., Flash, AJAX).
· Reviewing source code and assisting developers in closing vulnerabilities.
· Performing active black-box penetration testing against web applications, above-and-beyond the use of commercial products or pre-existing scripts.
· Enterprise application development experience in both .NET and Java/J2EE.
· Secure software development life-cycle.
· Excellent written and verbal communication skills, experienced at communicating with developers as well as technical and non-technical management.
· 4+ years of work experience focused purely on application system and code-level security.
Physical Requirements/Working Environment:
Environment may be in data centers, cell sites, military bases and enterprise offices. The job requires some physical work that can involve routine lifting, climbing, bending, stooping, crouching, and standing for long hours.
· Must be able to lift up to 50 pounds
· Must be able to walk unassisted up to 5 miles
· Extended time on a computer – repetitive motion.
· Must be capable and eligible for both domestic and international travel.
· Must be able to pass a post-offer/pre-placement drug screen and background check, and be able to pass a government Secret or TS if required.
Come grow with us!
Waterleaf is committed to providing equal employment opportunity for all persons regardless of race, color, religion, sex, age, marital status, national origin, citizenship status, disability or veteran status. We provide career advancement, training and education benefits and promote from within.
Waterleaf participates in E-Verify. Go to https://www.uscis.gov/e-verify to learn more.
Job Type: Full-time
Work authorization: United States – US Citizen