Application Security Consultant
- Washington, DC
K3 Solutions, LLC (K3) is a leading technical solutions and services company that offers a broad range of expertise in systems modernization efforts, applications support, and business process management services. Our collaborative approach, innovative solutions, and focus on adding value provide our clients with a cost-effective path to addressing, managing, and achieving all of their mission objectives and business goals.
The Application Security Specialist is responsible for ensuring the development of secure Internet-based applications by interacting with software engineers, quality assurance testers, business analysts, and software application managers throughout the software development lifecycle.
- Perform secure code analysis on application code bases.
- Perform application risk assessments and threat modeling.
- Provide resolutions to application security vulnerabilities.
- Assist with the definition and implementation of application security policy, standards, and procedures, including security requirements analysis, application design, construction, and security testing and auditing. Train developers on secure coding best practices.
- Ensure that applications developed are in compliance with all applicable federal, state, and local legislation, and with the Payment Card Industry Data Security Standard (PCI DSS).
- Remain current on new threats, vulnerabilities and countermeasures that relate to information security and pertain to software development to help maintain applications in a highly available and appropriately secure state.
- Assist with the management and implementation of application security related projects.
- Ability to execute both manual and automated comprehensive web application security penetration testing, which includes a deep understanding of the architecture of the applications, taking into account applicable exploit vectors and related methods, including dynamically scoping security testing based on associated risks.
- Must be able to provide and recommend remediation for security vulnerabilities rather than simply identifying them.
- Experience with one or more of the following languages: Java with Spring framework (preferred), ColdFusion, PHP and .NET.
- Ability to conduct security-based code analysis (manual and automated).
- Hands-on experience using automated and manual web application security tools such as BurpSuite, IBM AppScan, or WebInspect.
- Knowledge of Service Oriented Architecture (SOA) with emphasis on REST and SOAP based web services.
- Working knowledge of WS-Security standards such as WSS and WSI preferred.
- Knowledge of common web application vulnerabilities such as OWASP Top 10 or CWE/SANS Top 25.
- Must be familiar with risk analysis and application vulnerability assessment methodologies, as well as information security concepts and methodologies.
- Excellent oral and written communication skills. Documentation requirements include: incident/defect reports, audit/compliance reports, remediation recommendations, reporting of application security statistics and metrics, technical standards, procedures, and guidelines.
- Strong team-oriented interpersonal skills.
- Ability to work effectively in a deadline-driven environment.
- Bachelor’s degree in computer science, information systems, engineering, or related discipline required (or equivalent professional experience), plus 5 years of prior combined experience in software development and information security. At least one year in a dedicated application security role desirable.
US citizenship required.
Email your resume to email@example.com.