DevSecOps Engineer

Location Bangrak
Discipline IT and Tech
Salary 90K-120K
Job startdate

Qualifications:

• Ensure that the Static Application Security Testing (SAST) environment is performing optimally

• Provide education and guidance about SAST tools and process best practices

• Ensure compliance with applicable Policies, Standards, Requirements and Directives

• Assist with audits to demonstrate compliance

• Schedule, scope and prioritize SAST assessments of applications

• Identify, document, rate, and communicate vulnerabilities to responsible teams

• Reproduce, demonstrate and retest vulnerabilities

• Maintain awareness of security issues among the development community

• Continually improve SAST process and environment

• Provide expertise in Continuous Test/Integration/Deployment platforms

Requirements:

• 3+ years of application security experience

• Must be familiar with the OWASP Top Ten and have an understanding of vulnerability governance and reporting

• Working experience with Software Composition Analysis (SCA) tools - Black Duck, Sonatype Nexus, etc.

• Working experience with Static Application Security Testing (SAST) tools - Fortify, Checkmarx, Veracode, etc.

• Experience in consuming APIs

• Experience with cloud security - AWS Cloud preferred

• Experience with code repository management platforms - GitHub, Bitbucket, GitLab

• Experience developing cloud native CI/CD workflows and tools, such as Jenkins, CircleCI and/or GitLab

• Experience with infrastructure automation tools and coding/scripting (e.g. Ansible, Terraform, Python, shell script)

• Fluent in Linux OS (e.g. Ubuntu, Debian)

• Must be a team player with great interpersonal skills