New Job :: Cyber Security :: Dimondale, MI -Hybrid :: Contract

Hi 
 
Please share the best resume along with the LinkedIn profile (Local to Michigan only or with a Michigan DL or with Michigan utility bills)

Job Title: Cyber Security – MCS- DTMB- 134181
Location: Dimondale, MI
Position Type: Contract
Duration: 1 year with possible extension.
Position will be hybrid – 2 days a week onsite and 3 days working from home. Candidates MUST be local at time of submission. Hiring manager is not currently interested in candidates who will need to relocate to accept offer.

Short Job Description
We are seeking a Senior Full Stack Application Development Security Auditor who is passionate about designing and building secure platforms and applications through Dynamic, Static, and Software Composition Analysis assessments. This role is dedicated to working closely with software development teams on secure coding practices, rather than being a part of the Security Operations Center. The ideal candidate should be comfortable collaborating with front-end, back-end, and cloud-based application developers, helping to transform the way systems are built, secured, authorized, and operated securely for continuous compliance and risk mitigation. The position involves leading efforts to implement security patterns and practices with orchestration and automation tools that ensure secure configuration, verification, compliance, and authorization of systems throughout their development lifecycle. The selected individual will be a key member of a team focused on maturing the organization’s secure software development practices.

Detailed Job Description
Responsibilities:
  • Collaborate with software development teams to integrate security into all stages of the software development lifecycle.
  • Conduct Dynamic, Static, and Software Composition Analysis (SAST, DAST, SCA) assessments to identify vulnerabilities in software applications.
  • Educate and guide development teams on secure coding practices, utilizing tools such as Coverity, BlackDuck, SRM, and Fortify.
  • Provide detailed explanations and training on OWASP Top 10 vulnerabilities, including Cross-Site Scripting, Injection attacks, SSRF, CSRF, XML entity vulnerabilities, and more.
  • Assist teams in mitigating vulnerabilities through secure coding techniques, testing, and validation.
  • Develop and deploy secure applications in cloud environments (Azure, AWS, GCP), ensuring that applications are resilient against web and API replay attacks.
  • Implement and enforce secure coding standards and practices, utilizing security frameworks and guidelines such as OWASP, SANS, CERT, CWE, and Critical Security Controls.
  • Participate in the development and implementation of security automation (DevSecOps) practices.
  • Maintain a high-level understanding of container security and cloud development.
Qualifications:
  • Experience: Minimum of 5+ years of IT-related experience with at least 3+ years in the following areas:
    • Implementing and utilizing Federal, Industry, and Open-Source Security Guidance and Secure Coding Practices (e.g., OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode).
    • Hands-on experience with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App Server, Oracle JBoss, .NET stacks.
    • Networking, infrastructure, secure application development, and security automation (DevSecOps).
    • Building and deploying secure, complex distributed web and mobile applications.
  • Technical Skills:
    • Proficiency in Chrome/Firefox/Edge Development tools for analyzing request/response headers.
    • In-depth knowledge of Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud).
    • Understanding of HTTP request/response headers for web and RESTful API calls.
    • Expertise in API security, including JWT and OAuth/OIDC/PKCE.
    • Familiarity with cloud environments and container security.
Preferred Qualifications:
  • Previous experience working with security tools such as Coverity, BlackDuck, SRM, Fortify.
  • Experience in cloud development (Azure, AWS, GCP).
  • Proven ability to educate and guide software development teams on secure coding practices and security best practices.
  • Excellent communication skills and the ability to explain complex security concepts to technical and non-technical stakeholders.

Pre-Screening Questions
  1. Please describe your actual experience with tools in the following categories (SAST, SCA, ASOC, DAST).
  2. How do you collaborate with teams to enable security within applications?
  3. Please describe how you would demonstrate to a team member the details of an attack using tools, traces, and the OWASP Top 10.
  4. Please describe a time when you assisted a team or developer in remediating a vulnerability or weakness. Include details about the testing, coding changes you suggested, and the outcome.

Note: All information provided in response to the pre-screening questions should come directly from the candidate. Please do not use AI/ChatGPT or any other automated tools when submitting your answers.
 
Thanks & Regards
Ashish Sharma
Recruiter, PiplNow LLC
[email protected] | www.piplnow.com | LinkedIn: https://www.linkedin.com/in/ashish-sharma-19b22116b/
