LOCATION: Overland Park KS 66251
Web Application Security with Application Scanning and Security Life Cycle
Position will be responsible for External and Internal Hacking for Web Application
More experience required for Developer II, skills will remain same for both the positions.
Firewalls: Akamai Kona / F5 ASM / Modsecurity
Production or Development experience with Security Background
REMOTE OPTION AVAILABLE
Devops / Infrastructure
Any Scanning tools will work but candidate having experience with Burp Suite or ZAP or IBM AppScan will be preferred as Sprint using it
The AppSec team works on initiatives that prevent, detect, and respond to malicious activity. Risk/threat assessment, incident response, security architecture, vulnerability management, governance and compliance, security awareness and training, security operations, among many other efforts make up the information security program. This is a key role within the Information Security department that will be focused on application security.
Responsibilities include:
¿ Providing engineering and development direction for application security designs.
¿ Configure and oversee web application firewalls.
¿ Providing security solution integration with various security testing tools.
¿ Working with application teams, fraud and devops on security solutions.
¿ Conduct application scans and provide remediation recommendations.
¿ Involvement in bug bounty program.
¿ Educating others on application security standards and best practices
¿ Contribute to developing, maintaining and improving security in our SDLC process
Basic Qualifications
¿ A Bachelor¿s degree plus 3 years of industry experience.
¿ Minimum 3 years on experience with web application and web service implementation.
¿ Hands on experience with application development is required.
¿ Familiarity with the OWASP framework and application security best practices.
¿ Passion to work on newer technologies and explore the security domain.
¿ Strong written and verbal communication skills. Specific relevant experience should include writing and presenting application security assessment reports.
Preferred Qualifications
¿ Knowledge of web application firewalls (Akamai Kona, F5 ASM, Modsecurity).
¿ Experience implementing DevOps tool-chain (Jenkins, SonarQube, GitHub, Nexus, Code quality tools) implementation and automation
¿ Hands on use of security testing tools (Burp Suite, ZAP, IBM AppScan)
¿ Knowledge of encryption technologies (web, database, and file).
¿ Knowledge of Identity and Access management and its application in an enterprise.
¿ Assisted in investigation of security incidents
¿ Evaluation of new software projects, technologies and services
¿ Assisted in support of firewalls, content engines, intrusion detection/prevention systems
Required Skills Required Experience