logo

View all jobs

Application Security Consultant

San Diego, CA
 Job Requirements:
  • Ability to provide technical direction and act as a subject matter expert as it relates to cybersecurity in emerging technologies such as cloud, mobile applications, etc.
  • Knowledge of various protocols and countermeasures against common attacks on web applications, app servers, databases, the HTTP protocol, SSL, DNS, certificates, credentials, forms, web sessions, cookies, tokens, XML, JavaScript, AJAX, JSON, Flash, SFTP, PKI and symmetric crypto, wireless & wired networks, and related Internet technologies
  • Knowledge of open authentication protocols (OAuth, SAML, OpenID, JWT, etc.)
  • Able to perform both automated and manual security assessments for applications
  • Ability to technically evaluate cybersecurity technologies and provide feasibility assessments
  • Able to articulate common risk modeling methods and secure architecture patterns
  • Ability to write and/interpret clear system requirements and test plans
  • Identify security issues and risks, and develop mitigation plans and recommendations
  • Assess architecture, design, data flow, and evaluate security-focused tools and services while acting as the cybersecurity project lead
  • Perform Cybersecurity Risk Assessments on large and medium programs and projects
  • Experience with security frameworks such as NIST 800-53r4, NISTIR 7628, NIST Cybersecurity Framework, CIS Critical Controls, and OWASP
  • Evaluate and recommend new and emerging cybersecurity products and technologies
  • Participate in projects that develop new intellectual property and ensure security policies, requirements, best practices, etc. are met or exceeded
  • Evangelize security within Company and be an advocate for customer trust



Qualifications:
  • At least 5 years of Information Security or Cybersecurity experience
  • At least 3-4 years of experience working with various technologies in (Web) Application Security
  • At least 3-4 years of experience in Information Security Engineering, Auditing, or Architecture
  • At least 2 years of experience with APIs, or web services
  • MS in Computer Science or equivalent desired
  • Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  • Knowledge of common SSL, hashing, and symmetric encryption, especially in Java and .Net environments
  • Ability to create and review network design and architecture patterns
  • Able to articulate risk modeling and able to communicate technical concepts in simple terms both verbally and in written reports
  • Experience with the application of threat modeling or other risk identification techniques
  • Results oriented, high energy, self-motivated is required
  • Excellent written and verbal communication as well as teamwork skills are required
 
Preferred Qualifications and Experience:
  • Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits is desired
  • Experience with service-oriented architecture and web services security desired
  • Secure Software Design and Architecture
  • Experience with Azure/AWS/GCP is highly desired
  • Knowledge of implementing security controls for large complex systems is HIGHLY desired
  • Experience with Docker and Kubernetes
  • Experience with SAP, or Customer Information System (CIS)
  • Experience working in the Energy or Utilities sector is a big plus
  • Cybersecurity/Information Security Certifications highly desired in CISSP, CSSLP, GPEN, OSCP, etc.)
More Openings
GRC Archer Developer
Third Party Risk Analyst
Third Party Risk Lead
Third Party Risk Analyst
Third Party Risk Lead
Share This Job
Powered by