This job listing has expired and the position may no longer be open for hire.

Application Security - Lead Engineer at Cognizant

Posted in Information Technology 30+ days ago.

This job brought to you by eQuest

Type: Full-Time
Location: Mason, Ohio

Job Description:

1. Maintain positive and effective contact with product owners and Product Management leadership.

2. Define, drive, and maintain an effective application security program.

3. Document application security posture documentation and assist in customer response.

4. Identify and implement improvements to application security practices.

5. Work closely with product owners, developers, scrum masters, and quality assurance.

6. Use influence and data to drive remediation activities.

7. Can augment team by performing:

? Application vulnerability assessments;

? Code review across a variety of programming languages; and

? Assessments of SDLC processes.

8. Assist the broader Compliance and Security team with key activities including:

? Maintaining pertinent policies, standards, and procedures;

? Participating in incident response activities;

? Assist in defining risks and controls as part of our governance, risk and compliance; and

? Other security related projects according to skills.

9. Drive awareness and knowledge of security in developers.

10. Develop testing scripts and procedures.

11. Support Compliance and Security budget planning.

12. Perform other duties as assigned.


Basic (Required):

? Minimum of 1 year work experience managing others.

? Minimum of 4 years work experience in application security.

? Minimum of 1 year work experience in software development as part of a larger team.

? Minimum of 6-8 years of IT or software development experience.

? Strong ethics and understanding of ethics in business and information security.

? Proficient English language written and oral communication skills.

? Understanding and familiarity with common code review methods and standards.

? Experience with application security tools, such as SAST and DAST, including Checkmarx, Veracode, BURP, and ZAP.

? Knowledge of OWASP tools and methodologies.

? Understanding of HTTP and web programming.

? Understanding of tools used as part of the SDLC workflow including Jira, Jenkins, Selenium, TeamViewer, etc.

? Knowledge of standard SDLC practices.

? Ability to complete tasks and deliver professionally written reports for clients.

? Ability to present findings to technical staff and executives.