Application Security Planning and Assessment Consultant Job at DivIHN Integration Inc, Remote

  • DivIHN Integration Inc
  • Remote

Job Description

For further inquiries regarding the following opportunity, please contact our Talent Specialist:

Sakthivel Palanisamy at spalanisamy@divihn.com

Title: Application Security Planning and Assessment Consultant

Location: Remote in India

Employment Type: Full-Time

Job Summary: We are seeking a detail-oriented and highly skilled Application ("App") [cyber]Security Consultant to join our team. The ideal candidate will be responsible for planning an AppSec program followed by working in a team to conduct various types of AppSec assessments.

Key Responsibilities:

  • Work with the client to determine and catalog the application inventory by reviewing the CMDB (Configuration Management Database) and other mechanisms (e.g., client interviews).
  • Review the application inventory and build an analysis model to collect application metadata attributes, such as deployment platform (thick client, web, cloud, etc.), technology stack (Java, .NET, Python, etc.) and many other attributes that help strategize the follow-on roadmap development.
  • Determine the types of security assessment to administer, formulate prioritization criteria, and decide the sequence of individual assessments based on priority. Below is a partial list of the types of AppSec assessment:
    • CISA - Secure by Design Standard,
    • OWASP Secure SDLC,
    • Static and Dynamic App Security Testing (SAST and DAST),
    • Static and Dynamic SCA,
    • NIST SP 800-218,
    • API Security,
    • SBOM Analysis,
    • DevOps Readiness,
    • PEN Testing,
    • Software Security Audits, etc.
  • Conduct a 'Gap Analysis' to assess the maturity of the current AppSec program, if one exists:
    • Secure coding standards
    • AppSec best practices during the application design and development process to ensure security is integrated from the start.
    • AppSec Training programs for developers to enhance their understanding of secure coding principles and overall AppSec Program.
  • Package the results of analysis (above and more) to deliver an AppSec Assessment Program Roadmap and Implementation Plan.
  • Identify a 'pilot' phase and execute the same by working with the client teams. The work will involve the 'normal' AppSec Assessment activities below:
    • Conduct thorough application security assessments, including penetration testing, vulnerability scanning, and code reviews.
    • Identify and analyze application vulnerabilities, propose remediation strategies, and assist development teams in implementing solutions.
    • Collaborate with cross-functional teams to establish secure software development lifecycle (SDLC) processes.
    • Generate detailed security assessment reports with actionable recommendations for stakeholders.
  • Stay updated on the latest security trends, tools, and vulnerabilities to proactively address emerging threats.

Qualifications:

  • Bachelor's degree in computer science, cybersecurity, or a related field (or equivalent experience).
  • 5 years of experience in AppSec including *PLANNING* of application security programs.
  • Strong understanding of application security concepts, frameworks (e.g., OWASP), and protocols.
  • Knowledge of one or many of the following themes in AppSec:
    • CISA - Secure by Design Standard,
    • OWASP Secure SDLC,
    • Static and Dynamic App Security Testing (SAST and DAST),
    • Static and Dynamic SCA,
    • NIST SP 800-218,
    • API Security,
    • SBOM Analysis,
    • DevOps Readiness,
    • PEN Testing,
    • Software Security Audits, etc.
  • Prefer: Proficient in programming languages such as Java, Python, C#, or others relevant to application development.
  • Prefer: Any cybersecurity certifications like CEH, CISSP, GWAPT, or equivalent.
  • Excellent analytical, problem-solving, and communication skills.

When applying, you must fill in the table below and add it to the body of your email when you send your resume. You MUST know AT LEAST one domain to be considered for the job.

AppSec Domain                      | Knowledge Level
                                   | Basic | Intermediate | Advanced | Not Applicable [1]
-----------------------------------+-------+--------------+----------+-------------------
CISA - Secure by Design Standard   |       |              |          |
OWASP Secure SDLC                  |       |              |          |
SAST and DAST                      |       |              |          |
Static and Dynamic SCA             |       |              |          |
NIST SP 800-218                    |       |              |          |
API Security                       |       |              |          |
SBOM Analysis                      |       |              |          |
DevOps Readiness                   |       |              |          |
PEN Testing (VAPT)                 |       |              |          |
Software Security Audits           |       |              |          |

[1] Put a 'yes' in the Not Applicable column if you do not know that domain. It is OK if you don't know a particular domain or domains. You will still be considered for interview/evaluation based on what you know.

About us:

DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration.

DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.
