Locations: Dallas - Jersey City, NJ
Job Description:
As a member of the Application Security team, you will be part of the Technology Risk initiative to expand the security assessments on Distributed Ledger Technology (DLT) applications and provide SME mentorship to key projects related to DLT.
The Associate Director - Application Security DLT Lead is responsible for managing, providing technical direction for, and performing security assessments on applications developed using Distributed Ledger Technology (DLT). The person in this role should possess a good understanding of DLT and related development expertise to guide project initiatives and ensure security standard methodologies are implemented.
Responsibilities:
Provide technical direction to conduct secure code reviews on DLT applications and expand related function
Collaborate with OTR Security Architecture to use the established security controls checklist for assessment
Generate reports on assessment findings and summarize them to facilitate remediation; document technical issues identified during security assessments
Perform threat modeling, design, and code reviews to assess security implications and requirements
Be a domain specialist and respond to any security engineering questions/requests related to Cloud Security
Research and implement tools and techniques to secure and continuously monitor the DLT applications
Collaborate with Security Architects, Product Managers, Risk Managers, and other teams to deliver a high-quality product.
Develop and establish the security coding standard methodologies
Cultivate and maintain relationships with key partners at varying organizational levels
Qualifications:
At least 10 years of progressive IT experience, preferably in information security and related experience
Domain specialist in several security technologies (depth) with ability to lead across enterprise Application security functions
A broad and deep understanding of security threats, vulnerabilities, and risks associated with the nature of DLT systems
Hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu.
2 years of experience building smart contracts or codebase contributions related to smart contract analysis, auditing, design, and implementation
Programming languages such as Go, NodeJS, Kotlin, Java, REST API.
Experience with Docker, Kubernetes and other container orchestration solutions.
Knowledge of Blockchain Deployments on IaaS, SaaS and PaaS offerings on cloud platforms such as AWS, Azure, Kaleido, and others.
on token protocols and standards such as ERC 20, ERC 721.
Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more
Java/J2EE, JavaScript, Python, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python etc)
Understanding of Authentication and Authorization mechanisms programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.)
Experience in facilitating technical conversations between engineering and operations teams.
Experience in leading global teams, remote employees and evaluating team member performance and offering career development mentorship.
Excellent verbal and written communication skills
Experience maintaining relationships with and presenting to senior management
Ability to work under stress, multitask and be flexible
Strong planning and project management skills
Highly desired - one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN.