Hi,

Share resume at navneet.ya...@contech-it.com

Position: Software Security Consultant (GC/GCEAD/Citizen)
Position Type: Contract to Hire
Location: Jersey City, NJ

Role:

The Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of business objectives and in conformity with client policies. The Software Security Assurance Team is a core function of SRM and is primarily responsible for establishing and guiding the Secure Software Development Program within Client. These activities include creation and rollout of software security policies and best practices, software security architecture, software security scanning, penetration testing and the education of software developers and testers in security best practices. The Software Security Engineer reports to the Director Software Security to ensure the control and protection of software, improve the software development process, and minimize defects and vulnerabilities in software production.

Responsibilities:

- Assess current practices and identify and implement relevant policies to ensure state-of-the-art development practices as they relate to security
- Influences the selection of Software Security Assurance (SSA) program elements including supporting tools.
- Integrate software security scanning and testing into TDA’s software development, build and testing programs
- Conduct software security testing, including penetration testing, to confirm the results of design and code analysis, investigate software behavior, and verify that the software complies with security requirements
- Identify and categorize information to be contained in or used by TDA software which help determine risk and/or control solutions including application security frameworks

Requirements:

- Bachelor’s degree in a related field and/or a minimum of 7 years of equivalent experience.
- Experience performing software security architecture, design and requirements analysis for large-scale enterprise systems
- Solid understanding of a variety of software security practices, secure code reviews, vulnerability scanning methods, threat modeling, security requirements analysis and architectural risk analysis
- Expert knowledge in application vulnerability types, attack vectors and remediation approaches
- Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
- Familiarity with well-known application security sources and standards such as OWASP, WASC, NIST and CVE
- Extensive applied knowledge with static and dynamic analysis tools and hacking tools
- 5+ years of enterprise software development experience. Java programming skills including knowledge of JSSE and other security features is preferred. Experience with .NET/ASP/C# also a plus.
- Background in mobile application development (Objective C, HTML5) and mobile security a plus.
- Development experience with strong Java programming skills including knowledge of JSSE and other security features.
- Working knowledge of Java development environment including tools and framework used by developers, develops and testers (e.g. Eclipse, Spring, Jenkins, Maven, Jira, Selenium)
- Experience leading enterprise deployment of application security tools, services and controls
- Military education or experience may be considered in lieu of requirements above

Thanks
Navneet
navneet.ya...@contech-it.com