IT Security Auditor
Dimondale, Michigan, United States
Stafford Gray
Drive Innovation and Efficiency with Tech Solutions Get Started Get in Touch with Our Expert Technology Team Today 13456 North Lake Road Gregory, MI 48137 contact@staffordgray.com Ready to take your business to new heights with the latest...Senior Full Stack Security Auditor who is passionate about designing and building secure platforms and applications through Dynamic, Static and Software Composition Analysis assessments. This position is not a member of the Security Operations Center, rather it is dedicated to working with software development teams on secure coding practices. The ideal candidate will feel comfortable working with both front-end and back-end application developers, as well as building, automating, and securing on-premises and cloud-based applications. Partnering with distributed teams to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance, and authorization of systems and their development. They will be a key member of a team tasked with maturing the organization's secure software development practices.
Requirements
Functional Knowledge:
• Experience with Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud) a must. Coverity, BlackDuck, CodeDX, Fortify experience preferred, but similar toolsets could suffice.
• Chrome/Firefox/Edge Development tools to see the request/response headers.
• HTTP Request/Response headers for web and Restful API calls
• Ability to explain in detail any of the OWASP top 10 vulnerabilities.
• Cross Site Scripting, Injection attacks, SSRF, CSRF, XML entity, etc.
• API Security
• JWT
• OAUTH/OIDC/PKCE
• Web, API replay attacks
• High-level understanding of containers
• Cloud development experience (Azure, AWS, GCP)
Minimum of 5+ years of total IT related experience.
· 3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode, etc.)
· 3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks.
· 3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
· 3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
· United States Citizen and ability to pass a CJIS background check.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Automation AWS Azure CERT Cloud Compliance CSRF DAST DevSecOps Full stack GCP Java Node.js Oracle OWASP SANS SAST Scripting SOC SSRF Vulnerabilities XML
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs