Information Security Engineer 5

Company: Kforce Technology ( Learn More )

General Information
US-MN-Minneapolis
N/A
Not Specified
Contractor
Not Specified
Not Specified
False
False
Job Description

RESPONSIBILITIES:

Kforce has a client in search of an Information Security Engineer 5 in Charlotte, North Carolina (NC); Alt: Minneapolis, Minnesota (MN).Summary:Enterprise Information Security within the client is seeking an Information Security Engineer 5 to support application security for the client. In this role, the initial function will be to perform Dynamic Application Security Testing (DAST) retests to determine if remediation of previously identified vulnerabilities in applications was successful. Later, you will work with software development partners to identify and mitigate the security vulnerabilities in applications through Dynamic Application Security Testing (DAST) of applications. Communication with the business security team, information security consultants (ISCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within the client.Essential Job Functions:
  • Conduct dynamic application security testing using both manual and automated testing tools
  • Review test results from tools
  • Ensure that automated tests are completed successfully
  • Configure tools as required to be successful in evaluating applications
  • Identify and remove any false positives from automated testing tool reports
  • Triage & disposition results and enforce a Bug Bar
  • Verify/validate defect fixes
  • Provide application security consulting SME Support to developers
  • Assist developers with understanding of security defects and risk
  • Assist in defining acceptable solution to fix defects
  • Communicate Security risk to ISCs and ORCs to document security issues and controls for security planning purposes
  • Help maintain Security Coding Standards and Bug Bar as required
  • Assist in the development of standards as required
  • Provide training
  • Job Requirements

    REQUIREMENTS:

    • 7+ years of experience in security applications and systems
    • 5+ years of DAST (Dynamic Application Security Testing) experience
    • Minimum of 5 years of demonstrated experience with automated penetration tools
    • Minimum of 5 years of demonstrated experience with manual penetration testing tools
    • Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization
    Preferred Skills:
    • Experience working in a large enterprise environment
    • Demonstrated experience developing and reviewing malicious use cases/threat models
    • Knowledge and understanding of information security industry standards and government regulations
    • Knowledge and understanding of banking or financial services industry
    • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, and secure static code analysis
    • Excellent verbal and written communication skills
    • Advanced Information Security technical skills
    • Strong collaboration and partnering skills
    • Strong analytical skills with high attention to detail and accuracy
    • Good attention to detail and accuracy skills
    • Ability to work with limited supervision
    • Ability to work weekends and holidays as needed or scheduled
    • Ability to take on a high level of responsibility, initiative, and accountability
    • Ability to manage multiple and competing priorities
    • Ability to manage complex issues and develop solutions
    Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.