Application Security Architect - Remote
Our Application Security Team is hiring an Application Security Architect! The successful candidate will perform application security assessments, write security testing tools, and consult with numerous development teams on best practices for building secure applications. This team works mostly remotely within the continental US. Sense of humor required!!
Responsibilities may include:
· Directing the architecture for security testing as part of a continuous integration process
· Performing application vulnerability assessments and penetration tests
· Performing code review across a variety of programming languages
· Selecting and maintaining security testing tools for evaluating developed code
· Writing custom code for various ad-hoc security projects
· Training development teams on writing secure code, methods of identifying and fixing vulnerabilities, and development strategies that minimize risk
Skills Required:
· Experience (minimum 5 years) in software development
· Experience (minimum 5 years) programming in JavaScript, Node.js, Java, C, C#, .NET, PHP, Python, Ruby
· Experience (minimum 5 years) in application penetration testing
· Knowledge of and ability to identify vulnerabilities in applications written in the above languages
· Knowledge and ability to assess web and non-web applications
· Knowledge of secure coding methodologies including OWASP Secure SDLC, MS-SDLC,
· Ability to write scripts and programs to perform automated security tests
· Experience with dynamic security testing tools such as Burp Suite, ZAProxy, HP WebInspect, Veracode
· Experience with static testing tools such as Checkmarx, Klocwork, Coverity
· Knowledge of CI/CD tools such as CircleCI, Chef, Consul, Artifactory, Git
· Knowledge of AWS environments and development within them including CloudFormation
· Knowledge of secure methodologies and programming concepts including cryptography, authentication models and standards, secure libraries, and methods to evaluate their applicability to business and development problems
· Experience, knowledge and presence to teach and train developers on secure coding and development techniques
· Proficiency in written and spoken English
· Ability to present findings and summaries of issues to senior management
· Proactive and self-motivated, including willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance
Fanatics is an EEO. This is a full-time role; it is not open to contractors. No third-party resumes will be accepted.