ColdFusion Job Opportunity in Las Vegas, NV

We are searching for a detail-oriented Lead Application Security Analyst to join our Security Compliance department. Reporting to the Senior Director of Security Compliance, the primary role of the Lead Application Security Analyst is to consult on all internal development projects.

Essential Functions

  • Develop and implement application penetration testing methods that are based on industry-accepted approaches and meet PCI DSS requirements 6 and 11.3
  • Perform application security testing through a series of internal and external penetration tests, source code security review, threat modeling, vulnerability assessment, and systems security auditing
  • Perform go/no-go analyses at security checkpoints in the product and systems development life cycle (SDLC)
  • Develop secure coding standards to address common coding vulnerabilities that are based on industry-accepted best practices such as OWASP Guide, SANS/CWE Top 25, and CERT Secure Coding
  • Perform application code dynamic and static scans with automated tools, identify vulnerabilities and attack vectors in source code, and recommend remediation plans
  • Audit development methodologies and processes against the secure coding standards and the SDLC
  • Assist with IT security audits and maintain audit records and work papers
  • Perform periodic security risk assessments
  • Review and coordinate changes to information security policies, procedures, and standards in a continuous improvement model
  • Other duties as assigned by management

Knowledge, Skills, and Abilities

  • Experience analyzing coding vulnerabilities in applications written in ColdFusion, HTML5, .NET, and Java is highly desired
  • Familiarity with C++, C#, Objective-C, and Delphi is helpful
  • Ideally the candidate is a CEH (Certified Ethical Hacker) in the network and application layers
  • Experience working with common application security tools such as Fortify, Burp Suite, etc.
  • Working background with the PCI DSS and PA-DSS is desired
  • Some IT security auditing background is desired
  • Excellent verbal and written communication skills
  • Ability to lift and move items weighing up to 50 lbs without assistance
  • Self-starter with the ability to perform tasks as an individual contributor or as a project lead

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all duties, responsibilities, and skills.

Education and Experience

  • Established background as an information security practitioner
  • B.A. in Computer Science, information security training, or equivalent work experience
  • Industry certifications are a plus

Apply here.