Job Details
The Application Security Specialist will be responsible for running and growing the application security program at TAB.Reporting to the VP of Information Security they will work with the DevOps and Software Services teams to provide security assessments and minimize risks with data and application development, focusing on API security and platform integrations.
Essential Duties and Responsibilities:
- Demonstrates ownership and initiative for growing and improving all aspects of the application security program, especially focused on API and integration between multiple platforms
- Develop security strategies for the development process and work with teams to implement and operationalize the strategy
- Push security scanning and developer feedback as early in the process as possible, and prioritize empowering developers to review and fix vulnerabilities on their own
- Advise developers of remediation options, using best practices, to address application vulnerabilities and reduce risk
- Provide scripting and security validation for developer's security practices
- Act as a trainer and mentor to developers and other members of the security team
- Run and manage application security tools such as Rezilion, BlackDuck, WhiteHat, Data Theorem, Synopsys, Rapid7 Insight AppSec.Propose new or updated tools as needed
- Lead vulnerability assessments and monitor multiple applications and services
- Scan and report on open-source packages and work with teams to update these packages
- Organize, run, and triage penetration tests, review reports and prioritize recommendations
- Work with internal and external auditors to provide evidence of progress in the application security program
- Contribute to security policies and standards
- Knowledge of container, cloud, and data storage
- Experience in DevOps and development processes in a SAFe Agile environment is a nice to have
- All other duties as assigned
Requirements:- One or more of CISSP, CSSLP, CEH, CPT, or OSCP - all professional certifications highly valued
- 3+ years' experience preferred, often a learning mindset can offset lower years of experience
- Bachelor's degree or equivalent in Computer Science, MIS, or related field
- Strong interpersonal and communication skills, works well with multiple teams
- Exercise considerable latitude in determining technical objectives of assignment.Completed work is reviewed from a relatively long-term perspective for desired results
- Experience reviewing Java, JavaScript, Groovy, and Python
- Working knowledge of OWASP best practices
TAB Bank Offers:- Onsite Gym
- Tuition Reimbursement
- Paid Holidays
- Gym Reimbursement
- College Scholarships for Employees and Families
- 401(k)
- Paid Time Off (PTO)
- Employee Assistance Program (EAP)
- I Made the Grade
- Holiday Club Program
- Medical, Dental, Vision, Life and AD&D, Voluntary Disability, Flex Spending & Dependent Care
TAB Bank will not sponsor applicants for work visas.