
Application Security DLT Lead

PWW Recruiting, LLC.


Dallas, TX
Full Time
Paid
  • Responsibilities

    Locations: Dallas -  Jersey City, NJ

     

    Job Description:

     

    Being a member of the Application Security team, you will be part of the Technology Risk initiative to expand the security assessments on Distributed Ledger Technology (DLT) applications and provide SME mentorship to key projects related to DLT.

     

    The Associate Director - Application Security DLT Lead is responsible for managing, providing technical direction for, and performing security assessments on applications developed using Distributed Ledger Technology (DLT). The person in this role should possess a good understanding of DLT and related development expertise to guide project initiatives and ensure they implement security standard methodologies.

     

    Responsibilities:

     

    Provide technical direction to conduct secure code reviews on DLT applications and expand related function

    Collaborate with OTR Security Architecture to use the established security controls checklist for assessment

    Generate reports on assessment findings and summarize them to facilitate remediation; document technical issues identified during security assessments

    Perform threat modeling, design, and code reviews to assess security implications and requirements

    Be a domain specialist and respond to any security engineering questions/requests related to Cloud Security

    Research and implement tools and techniques to secure and continuously monitor the DLT applications

    Collaborate with Security Architects, Product Managers, Risk Managers, and other teams to deliver a high-quality product.

    Develop and establish the security coding standard methodologies

    Cultivate and maintain relationships with key partners at varying organizational levels

    Qualification:

     

    At least 10 years of progressive IT experience, preferably in information security and related experience

    Domain specialist in several security technologies (depth) with ability to lead across enterprise Application security functions

    A broad and deep understanding of security threats, vulnerabilities, and risks associated with the nature of DLT systems

    Hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu.

    2 years of experience building smart contracts or codebase contributions related to smart contract analysis, auditing, design, and implementation

    Programming languages such as Go, NodeJS, Kotlin, Java, REST API.

    Experience with Docker, Kubernetes and other container orchestration solutions.

    Knowledge of Blockchain Deployments on IaaS, SaaS and PaaS offerings on cloud platforms such as AWS, Azure, Kaleido, and others.

    on token protocols and standards such as ERC 20, ERC 721.

    Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more

    Java/J2EE, JavaScript, Python, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python etc)

    Understanding of authentication and authorization mechanisms, implemented programmatically, across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)

    Experience in facilitating technical conversations between engineering and operations teams.

    Experience in leading global teams, remote employees and evaluating team member performance and offering career development mentorship.

    Excellent verbal and written communication skills

    Experience maintaining relationships with and presenting to senior management

    Ability to work under stress, multitask and be flexible

    Strong planning and project management skills

    Highly desired: one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN.