ASM Research
Posted 8 months ago
$137,000 - $170,000/Yr
Full-time
Germantown, MD
Professional, Scientific, and Technical Services

About the position

The Incident Response and Forensics position focuses on enforcing application security throughout the software development life cycle. The role involves collaborating with team members to establish security best practices, conducting software architecture reviews, and addressing vulnerabilities across various applications and platforms. The position also includes developing security procedures, monitoring security measures, and serving as a liaison between development teams and stakeholders to ensure complex security requirements are met.

Responsibilities

  • Enforce application security in all phases of the software development life cycle.
  • Define application security best practices and perform software architecture and design reviews.
  • Support the identification, interpretation, and remediation of vulnerabilities across applications.
  • Develop security procedures and methods to protect information systems from unauthorized access or destruction.
  • Engineer, implement, and monitor security measures for computer systems and networks.
  • Document and implement Standard Operating Procedures (SOPs).
  • Serve as a liaison between development teams and stakeholders to understand security requirements.
  • Evaluate new technologies and processes to enhance security capabilities.
  • Write comprehensive reports on assessment findings and recommendations for system security enhancement.
  • Conduct penetration tests and manual/automated code reviews.
  • Create and deliver training on Secure Code Development and security protocols.
  • Design and recommend integrated system solutions to protect proprietary data.

Requirements

  • Bachelor's Degree in Computer Science, Engineering, or a related technical discipline; Master's Degree preferred.
  • 8-15 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
  • Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
  • In-depth knowledge of security technologies, single-sign-on, and identity management technologies.
  • Expertise in web system security concepts including authentication, authorization, encryption/hashing, SAML, and LDAP.
  • Advanced knowledge of web application vulnerabilities such as XSS, SQL injection, and OWASP Top 10.
  • Hands-on experience with encryption, hashing, and secure random number generation.
  • Advanced knowledge of network-based, system-level, and application layer attacks and mitigation methods.
  • Experience with static code analysis tools including HP Fortify.
  • Familiarity with JavaScript, Node.js, and Burp Suite or other intercepting proxy tools.
  • Experience with Git source code management.
  • Solid working experience with Unix/Linux operating systems.

Nice-to-haves

  • Experience with Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB.
  • Understanding of Agile/Scrum methodologies.
  • Experience with Axiomatics.

Benefits

  • Intermittent Telework
  • Competitive salary range of $137k - $170k