Chevron is a multinational company in the energy industry which operates worldwide with a wide range of business strategies constantly growing and expanding its operational scope.
Buenos Aires Shared Services Center (BASSC) is a global operation offering Finance and IT Services to support Chevron´s worldwide business. Chevron values integrity, trust, diversity and ingenuity.
Chevron is accepting online applications for the position of Application Security Analyst with advanced or bilingual English level to join our ITC team in our Shared Services Center located in Puerto Madero, Argentina.
Responsibilities for this position will be:
• Subject matter expert on software development processes, best practices, and secure coding standards
• Provide operational support for Application Security technologies (HP Fortify), and consulting for remediation of application security issues
• Provide support to scan using different development IDE’s (i.e., Visual Studio 2005-2015 & Eclipse)
• Provide System Development Lifecycle (SDLC) tools and process consulting to projects and teams to ensure secure design and code
• Facilitate competency development for Application Professional role (Application Developer and Application Support Analyst)
• Active leadership and participation in the Application Security Technical Network (ASTN) and Software Engineering Community of Practice; connect to other CoPs
• Ensure the enterprise is following application security requirements and principles, secure coding standards and best practices
• Maintain coding guidelines
• Stay current on application security and associated cross-functional issues.
• Support and evolve the inclusion of appropriate application security clauses in Chevron contracts (working with Procurement and Legal)
• Continue evolution of app security maturity expectations and OC for the enterprise; measure CVX app security maturity; maintain relationship(s) with app security training provider and consult on content development
• Minimum 5+ years of hands-on experience with formal application development project execution
• Technical Skills: 5+ years of hands-on design and development experience using Microsoft Development Technology stack, in particular .NET, SCM, MVC, WCF; SOA; Java-based technology, workflow and reporting technologies; database technologies such as Oracle and SQL Server
• Experience mitigating vulnerabilities in OWASP Top 10 and knowledge of other industry standard vulnerability lists (i.e. SANS 25, etc.)
• Experience finding known vulnerabilities and where they are listed for the industry (i.e. cve.mitre, NIST, etc.)
• Strong communication and presentation skills including the ability to interface across the IT function, and with business partners and external parties across the world at an appropriate level of detail
• In-depth understanding of industry standard lists of vulnerabilities (i.e. OWASP Top 10)
• Comprehension of various development paradigms such as Object Oriented Programming, Web-Oriented Architecture, etc.
• Motivation to learn new technologies quickly.
• Ability to prioritize work, and juggle multiple complex tasks.
• Ability to work collaboratively within a team of high value added individual contributors.
• Self-starter with ability to work independently but in alignment with team goals.
• Results oriented with strong focus on execution.
• Must thrive in a fast-paced, multi-tasking environment with increasing demands between operational and projects tasks.
• Critical thinking and problem solving are vital.
• Experience building standard operating procedures and processes.