Application Security Vulnerability Assessment Engineer

NYC IT Inc

New York, NY
Full Time
Paid
  • Responsibilities

    TASKS:

    · Prioritize remediation efforts by correlating technical severity with business criticality and data sensitivity.
    · Partner with development teams to translate complex security findings into clear, actionable technical requirements that can be easily ingested into their remediation workflows.
    · Prescribe specific coding guidance and design-level mitigations to resolve identified vulnerabilities.
    · Implement compensating controls when direct remediation is not technically feasible or requires long-term architectural changes.
    · Lead working sessions and technical walkthroughs to assist developers in accelerating the “time-to-fix.”
    · Lead structured knowledge transfer sessions to train full-time staff on assessment methodologies and security best practices.

    MANDATORY SKILLS/EXPERIENCE
    Note: Candidates who do not have the mandatory skills will not be considered.

    · Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessments, or Penetration Testing.
    · Advanced proficiency in applying OWASP Top 10 and NIST 800-53 standards.
    · Practical experience operating and configuring SAST/DAST tools (e.g. AppScan, Veracode, Burp Suite).
    · Proven ability to explain technical vulnerabilities to developers and provide specific, design-level remediation guidance.
    · Proficiency in using CVSS (Common Vulnerability Scoring System) to correlate technical severity with business impact and data sensitivity.

    DESIRABLE SKILLS/EXPERIENCE:

    · Experience testing cloud-native apps (AWS/Azure/GCP), APIs, and microservices.
    · Strong understanding of Agile/SDLC cycles to effectively coordinate with developers and project managers.
    · Proficiency in manual, deep-dive testing to validate automated findings and identify complex business logic flaws.
    · Background working with large, complex organizations or government/public sector environments.