Talent.com
Application Security Principal

Application Security Principal

PPL Services CorporationLouisville, Kentucky, US
30+ days ago
Job type
  • Full-time
Job description

Responsibilities

Core Responsibilities

  • Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
  • Define security best practices and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training.
  • Develop and maintain the application security architecture, ensuring that it aligns with overall security strategy and standards.
  • Evaluate, implement, and manage security tools and technologies that enhance the security posture of applications.
  • Conduct risk assessments for applications to identify potential vulnerabilities and threats, develop strategies to mitigate these risks.
  • Oversee and coordinate security testing activities, including static code analysis, dynamic application security testing, and penetration testing.
  • Perform system hardening and remediation to effectively guide developers and system administrators in addressing vulnerabilities and implementing security controls.
  • Perform security assessments, penetration testing, and code reviews to identify potential flaws in codes and mitigate vulnerabililties.
  • Analyze security needs and software requirements to determine feasibility of design within time and cost constratints and security requirements.
  • Perform threat modeling, risk assessment, and vulnerability management to identify potential security risks and work with development teams to implement appropriate security controls.
  • Provide guidance and training to development teams on secure coding practices and promote security awareness across the organization.
  • All other duties and projects as assigned.

Qualifications

Education

  • Bachelor’s degree in computer science, Information Security, or a related field.

    • Experience

  • A minimum of 10+ years of experience using penetration testing tools like Burp Suite.
  • Experience in application security tools and IDE Plug-in environments, including HP Fortify.
  • Experience with securing enterprise web applications and OWASP Top 10, CVSS, CWE, WASC, and SANS-25.
  • Expertise in system hardening and remediation.
  • Proficiency in security assessments, penetration testing, and code reviews.
  • Expertise in threat modeling, risk assessment, and vulnerability management.
  • Knowledge of federal compliance standards, including NIST 800-53 and NIST CSF.
  • Strong leadership, communication, and interpersonal skills.
  • Collaborative and effective in cross-functional team environments.
  • Strong analytical skills to assess risks and vulnerabilities in complex systems.

    • Preferred Qualifications

  • Professional certifications such as CISSP, CSSLP, or CEH
  • Cloud Technology Expertise : Demonstrate a working knowledge of various enterprise technology stacks used to build applications in the cloud. Your understanding of cloud infrastructure will enable you to assess secruity aspects unique to cloud-based mobile applications and API's.
  • Cloud Platform Experience : Possess working knowledge and practical experiences in security testing within cloud platforms, particularly Azure. Your familiarity will be crucial for assessing the secruity of cloud-hosted mobile applications and APIs.
  • Proficiency in scripting and automation for security testing.
    • Create a job alert for this search

    Application Security • Louisville, Kentucky, US