• Todo el país
  • Buenos Aires
  • Capital Federal
  • Catamarca
  • Chaco
  • Chubut
  • Corrientes
  • Córdoba
  • Entre Ríos
  • Formosa
  • Jujuy
  • La Pampa
  • La Rioja
  • Mendoza
  • Misiones
  • Neuquén
  • Río Negro
  • Salta
  • San Juan
  • San Luis
  • Santa Cruz
  • Santa Fe
  • Santiago del Estero
  • Tierra del Fuego
  • Tucumán
Lugar de Trabajo:
Publicado:
Publicado hace 214 días
Salario
No especificado
Tipo de puesto:
Área:

Application Security subject matter expert providing consultant services to IT professionals on software development processes, best practices, and secure coding standards. 

Main Responsibilities

  • Ensure the enterprise is following application security requirements and principles, secure coding standards and best practices.
  • Provide System Development Lifecycle (SDLC) tools and process consulting to projects and teams to ensure secure design and code.
  • Develop an in-depth understanding of where our scanning and vulnerability date resides, how to access and integrate it to develop measures and deliver trending analysis and better visibility into the state of application security.  This will require driving solution delivery from one of our tool providers.
  • Provide operational support for Application Security technologies (HP Fortify), and consulting for SAST remediation of application security issues.
  • Maintain secure coding guidelines.
  • Provide support to SAST scan using different development IDE’s (i.e., Visual Studio 2005-2015 & Eclipse).
  • Stay current on application security and associated cross-functional issues.
  • Support and evolve the inclusion of appropriate application security clauses in Chevron contracts (working with Procurement and Legal).
  • Develop metrics and deliver trending analysis of application security. 
  • Contribute to the evolution of application security maturity expectations and OC for the enterprise; measure CVX app security maturity; maintain relationship(s) with app security training provider and consult on content development.
  • Active leadership and participation in the Application Security Technical Network (ASTN) and Software Engineering Community of Practice

 

Required Qualifications:

  • Strong communication and presentation skills including the ability to interface across the IT function, and with business partners and external parties globally.
  • Ability to work independently and in alignment with team goals.
  • Database metrics skills: ability to  access and integrate data to develop measures, deliver trending analysis and better visibility into the state of application security.   
  • Knowledge of development languages (E.g ASP, C/C++, .Net, Java, Cobol, Javascript, PHP, Python, T-SQL)
  • Understanding of industry standard lists of vulnerabilities (i.e. OWASP Top 10, SANS 25, cve.mitre, NIST, etc.)
  • Results oriented with strong focus on execution.
  • Motivation and ability to learn new technologies quickly.
  • Critical thinking and problem solving are vital. 
  • 5+ years of experience in designing and developing applications and knowledge in some of the following technologies: Microsoft Development Technology stack (e.g.: .NET, SCM, MVC, WCF; SOA); Java-based technology, Workflow and reporting technologies; Database technologies such as Oracle and SQL Server;
  • Comprehension of various development paradigms such as Object Oriented Programming, Web-Oriented Architecture, etc.

 

Development Opportunities:

  • Ability to influence the IT function and reduce risk across the Enterprise.
  • Ability to build standard operating procedures and processes.
  • Strengthen ability to mitigate vulnerabilities in OWASP Top 10 and knowledge of other industry standard vulnerability lists (i.e. SANS 25, cve.mitre, NIST).
  • Strengthen ability to access and integrate data to develop measures, deliver trending analysis and better visibility into the state of application security. 
El contenido de este aviso es de propiedad del anunciante. Los requisitos de la posición son definidos y administrados por el anunciante sin que Zonajobs sea responsable por ello.
La empresa dio por finalizado este aviso.
¡Te postulaste con éxito!