Essential Job Functions:
* Knowledge of mobile security technologies
* Familiarity with browser, web service, and operating system security concepts
* Experience with code review, threat modeling, pentests and design analysis.
* Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product planning (MRDs,PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
Able to work in a geographically distributed environment
* Strong written and oral skills
* Must be able to convey complex security issues and risks while maintaining a positive relationship with BU product and development teams
* Experience with code analysis tools like Qualys, Fortify, Cigital, Verracode or similar.
Experience and Skills:
Work with engineering groups and developers to embed secure development practices and lead projects to select and deploy developer tools.
* Conduct application security reviews to assess technical and business risk, identify threats and potential security issues in applications, specify solutions and verify through testing.
* Assist in the creation of software specifications specific for secure development and consistently research within security area for threats, common vulnerabilities based on the OWASP Top 10 and new attack models.
* Perform code audits.
* Provide security consultancy and advice to development teams, evaluate security scan results and assist in remediation.
* Develop test plans for security production verification and assist Engineering and QA with security test methodologies and tools
* Build relationships with peers and stakeholder teams (Engineering, QA, Compliance). Establish a trusted security advisor role within designated BU's.
* Assist in developing presentations, security metrics and measurement capability to demonstrate application security and SDL security activities
* Guide teams on adoption and execution of a Secure Product Life Cycle
Job Location: Parsippany, NJ