Application Security Planning and Assessment Consultant Job at DivIHN Integration Inc, Remote

  • DivIHN Integration Inc
  • Remote

Job Description

For further inquiries regarding the following opportunity, please contact our Talent Specialist:

Sakthivel Palanisamy at spalanisamy@divihn.com

Title: Application Security Planning and Assessment Consultant

Location: Remote in India

Employment Type: Full-Time

Job Summary: We are seeking a detail-oriented and highly skilled Application ("App") [cyber]Security Consultant to join our team. The ideal candidate will be responsible for planning an AppSec program followed by working in a team to conduct various types of AppSec assessments.

Key Responsibilities:

  • Work with the client to determine and catalog the App Inventory by reviewing the CMDB (Configuration Management Database) as well as other mechanisms (e.g., client interviews).
  • Review the app inventory and an analysis model to collect app metadata attributes, such as deployment platform (thick client, web, cloud, etc.), technology stack (Java, .NET, Python, etc.), and many more attributes that help strategize the follow-on roadmap development.
  • Determine the types of security assessment to administer, formulate prioritization criteria, and decide the sequence of individual assessments based on the priority. Below is a partial list of the types of AppSec assessment:
    • CISA - Secure by Design Standard,
    • OWASP Secure SDLC,
    • Static and Dynamic App Security Testing (SAST and DAST),
    • Static and Dynamic SCA,
    • NIST SP 800-218,
    • API Security,
    • SBOM Analysis,
    • DevOps Readiness,
    • PEN Testing,
    • Software Security Audits, etc.
  • Conduct a 'Gap Analysis' to assess the maturity of the current AppSec program, if one exists:
    • Secure coding standards
    • AppSec best practices during the application design and development process to ensure security is integrated from the start.
    • AppSec Training programs for developers to enhance their understanding of secure coding principles and overall AppSec Program.
  • Package the results of analysis (above and more) to deliver an AppSec Assessment Program Roadmap and Implementation Plan.
  • Identify a 'pilot' phase and execute the same by working with the client teams. The work will involve the 'normal' AppSec Assessment activities below:
    • Conduct thorough application security assessments, including penetration testing, vulnerability scanning, and code reviews.
    • Identify and analyze application vulnerabilities, propose remediation strategies, and assist development teams in implementing solutions.
    • Collaborate with cross-functional teams to establish secure software development lifecycle (SDLC) processes.
    • Generate detailed security assessment reports with actionable recommendations for stakeholders.
  • Stay updated on the latest security trends, tools, and vulnerabilities to proactively address emerging threats.

Qualifications:

  • Bachelor's degree in computer science, cybersecurity, or a related field (or equivalent experience).
  • 5 years of experience in AppSec including *PLANNING* of application security programs.
  • Strong understanding of application security concepts, frameworks (e.g., OWASP), and protocols.
  • Knowledge of one or many of the following themes in AppSec:
    • CISA - Secure by Design Standard,
    • OWASP Secure SDLC,
    • Static and Dynamic App Security Testing (SAST and DAST),
    • Static and Dynamic SCA,
    • NIST SP 800-218,
    • API Security,
    • SBOM Analysis,
    • DevOps Readiness,
    • PEN Testing,
    • Software Security Audits, etc.
  • Prefer: Proficient in programming languages such as Java, Python, C#, or others relevant to application development.
  • Prefer: Any cybersecurity certifications like CEH, CISSP, GWAPT, or equivalent.
  • Excellent analytical, problem-solving, and communication skills.

When applying, you must fill in the table below and add it to the body of your email when you send your resume. You MUST know AT LEAST one domain to be considered for the job.

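| AppSec Domain / Knowledge Level  | Basic | Intermediate | Advanced | Not Applicable [1] |
|----------------------------------|-------|--------------|----------|--------------------|
| CISA - Secure by Design Standard |       |              |          |                    |
| OWASP Secure SDLC                |       |              |          |                    |
| SAST and DAST                    |       |              |          |                    |
| Static and Dynamic SCA           |       |              |          |                    |
| NIST SP 800-218                  |       |              |          |                    |
| API Security                     |       |              |          |                    |
| SBOM Analysis                    |       |              |          |                    |
| DevOps Readiness                 |       |              |          |                    |
| PEN Testing (VAPT)               |       |              |          |                    |
| Software Security Audits         |       |              |          |                    |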

[1] Put a 'yes' in the Not Applicable column if you do not know that domain. It is OK if you don't know a particular domain or domains. You will still be considered for interview/evaluation based on what you know.

About us:

DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.

DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.

Job Tags

Full time, Remote job
