o Implement a Software Security Assurance Process for all HRA/DSS/DHS applications identified for the Data Migration Project, to make the applications compliant with mandated Citywide Security Policies
· Scope/Task Breakdown:
o Evaluate and scope applications with the application development teams to identify criticality of the application and identify data sources and elements
o Enforce application security requirements
o Evaluate application architecture to identify gaps in infrastructure security
o Create and enforce standards for use of Firewalls, WAF, Identity Management and Multi Factor Authentication
o Onboard Applications to Threat Modeler and Vulnerability Scanners
o Configure Applications on Vulnerability Scanners to perform Static and Dynamic Scans
o Configure and generate application vulnerability scan reports
Required Skills
5+ years of experience in Application Security & Industry Standards (OWASP, NIST)
5+ years of experience in Secured Software Development Life Cycle (SSDLC)
5+ years of experience in Threat Modelling & Risk Assessments
5+ years of experience in Application Scanning for Vulnerabilities (SAST, DAST)
5+ years of experience in Integration of Security in CI/CD Pipeline, DevOps, DevSecOps (Azure, Jenkins)
5+ years of experience in API Security & Access Controls (OAuth, SAML, SSO)
5+ years of experience in Cloud Security
5+ years of experience in Agile Environment Collaboration
5+ years of experience in Project Management
5+ years of experience in Cross-Functional Team Collaboration
5+ years of experience in Client Engagement & Communication
5+ years of experience with Operating Systems: Windows Server, Apache, Microsoft IIS, Windows, Linux, VMware, Citrix
5+ years of experience with Technology Stack: ASP, .NET, Visual Basic.NET, Visual Basic, ColdFusion, JavaScript, HTML, C++, C#, MS PowerApps, Python, PowerShell, Shell Scripting, Selenium
5+ years of experience with Security Tools — Must Have: Veracode, IBM AppScan, SD Elements, Burp Suite
5+ years of experience with Security Tools — Plus to Have: Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7, STRIDE
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology
Industries
IT System Custom Software Development