Application Security Specialist - Penetration Testing
Are you collaborative and innovative, and do you enjoy visionary thinking? Are you a self-motivated, hardworking individual with a proven work history? Are you a forward-thinking, creative individual who willingly takes ownership of complex and challenging initiatives? Then apply now!
Working with one of our top financial clients, this role calls for an Application Security Specialist - Penetration Testing who will guide and advise partners on a broad range of specific Technology Controls and Information Security programs, policies, standards, and incidents. The ideal candidate will engage in assessments related to risk, controls, implemented control procedures, vulnerability, etc.
- Lead or contribute to risk and control design assessments for an assigned business application, business portfolio, and the overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
- Actively contribute to the definition, development, and oversight of a global security management strategy and framework
- Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats
- Develop ongoing technology risk reporting, monitoring key trends, and defining metrics to measure control effectiveness
- Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps
- Consult on regulatory compliance requirements, reporting and questions
- Provide support and consulting for Audits, help compose management responses and appropriate remediation activities
- Participate in computer security incident responses relevant to business (or enterprise-wide), represent respective position to the business while conveying their needs to the incident response team.
- Adhere to policies, procedures, technology control standards, and regulatory guidelines
- Contribute to internal activity and process review, and flag opportunities for improvement
- Adhere to, advise, oversee, monitor, and enforce enterprise frameworks and methodologies related to technology controls/information security activities
- Influence behavior to reduce risk, foster a strong technology risk management culture
- Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency, and effectiveness
- Manage relationships with other technology/business/corporate/control functions
- Assess, identify and escalate issues appropriately
Desired Skill Set:
- Experience with Threat/adversary modeling
- Experience with Penetration testing (OSCP certificate)
- 5-7 years of relevant experience
- Advanced knowledge of cloud security, penetration testing and/or threat modeling
- University Degree or equivalent combination of experience and education
- Information Security Certification / Accreditation
- Firm commitment to staying informed and abreast of emerging issues, industry trends, etc.
- Sound to advanced knowledge of business, technology controls, security, and risk issues
- Demonstrated ability to participate in projects of moderate to high complexity
- Ability and commitment to serve as a subject matter expert on business-specific, cross-functional, and enterprise initiatives
- Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line, or enterprise level
Nice to Have:
- Experience with Cloud (Azure)
- Experience with App Sec
BeachHead is an equal opportunity agency and employer. We advocate for you and welcome anyone regardless of race, color, religion, national origin, sex, physical or mental disability, or age.