Application Security DLT Lead

FOCUS Employment Solutions, LLC

Jersey City, NJ +1 location
Full Time
Paid
  • Responsibilities

    Experience Level: Mid-senior

    Experience Required: 10 Years

    Education Level: Bachelor’s Degree

    Job Function: Information Technology

    Industry: Financial Services

    Relocation Assistance: No

    VISA: Only United States Citizens and Green Card Holders

     

    Must-Haves:

    • SME
    • JAVA
    • 2-3 years’ hands-on experience with R3 Corda, Hyperledger Fabric.
    • Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25)
    • Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus, and more
    • Agile

     

    Nice-To-Haves:

    • Docker, Kubernetes, and other container orchestration solutions

     

    Additional Information:

    • Company’s Project ION

     

    Job Description:

    • Being a member of the Application Security team, you will be part of the Technology Risk initiative to expand the security assessments on Distributed Ledger Technology (DLT) applications and provide SME mentorship to key projects related to DLT.
    • The Associate Director - Application Security DLT Lead is responsible for managing, providing technical direction, and performing security assessments on applications developed using Distributed Ledger Technology (DLT). The person in this role should possess an excellent understanding of DLT and related development expertise to guide project initiatives to ensure the implementation of security standard methodologies.

     

    Responsibilities:

    • Provide technical direction to conduct secure code reviews on DLT applications and expand related function
    • Collaborate with OTR Security Architecture to use the established security controls checklist for assessment
    • Generate reports on assessment findings and summarize them to facilitate remediation; document technical issues identified during security assessments
    • Perform threat modeling, design, and code reviews to assess security implications and requirements.
    • Be a domain specialist and respond to any security engineering questions/requests related to Cloud Security.
    • Research and implement tools and techniques to secure and continuously monitor the DLT applications
    • Collaborate with Security Architects, Product Manager, Risk Managers, and other teams to deliver a high-quality product.
    • Develop and establish the security coding standard methodologies
    • Cultivate and maintain relationships with key partners at varying organizational levels

     

    Qualification:

    • At least 10 years of progressive IT experience, preferably in information security and related experience
    • Domain specialist in several security technologies (depth) with the ability to lead across enterprise Application security functions
    • A broad and deep understanding of security threats, vulnerabilities, and risks associated with the nature of DLT systems
    • Hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu.
    • 2 years of experience building smart contracts or codebase contributions related to smart contract analysis, auditing, design, and implementation
    • Programming languages such as Go, NodeJS, Kotlin, Java, REST API
    • Experience with Docker, Kubernetes, and other container orchestration solutions.
    • Knowledge of Blockchain Deployments on IaaS, SaaS, and PaaS offerings on cloud platforms such as AWS, Azure, Kaleido, and others
    • Token protocols and standards such as ERC 20, ERC 721
    • Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies, and related tools such as Fortify, WebInspect, Burp Suite, Nexus, and more
    • Java/J2EE, JavaScript, Python, etc., and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, etc.)
    • Understanding of authentication and authorization mechanisms programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)
    • Experience in facilitating technical conversations between engineering and operations teams.
    • Experience in leading global teams, remote employees and evaluating team member performance, and offering career development mentorship.
    • Excellent verbal and written communication skills
    • Experience maintaining relationships with and presenting to senior management
    • Ability to work under stress, multitask and be flexible
    • Vital planning and project management skills
    • Highly desired - one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN.
  • Locations
    Jersey City, NJ • Dallas, TX