Job Seekers, Please send resumes to resumes@hireitpeople.com
Int. type - Either Webcam or In Person.
Short Description: Application Scanning Engineer for Enterprise Application Scanning Platform at State of Michigan reporting into Michigan Cyber Security.
Complete Description:
Years of Experience: 5 or more years of experience in the field.
Application Scanning Engineer for Enterprise Application Scanning Platform at State of Michigan reporting into Michigan Cyber Security
Job Description:
- Run the user onboarding process for SAST and DAST.
- Update Risk Assessment and Enterprise Architecture documents as needed.
- Remediate vulnerabilities across the AppScan environment.
- Leads false positive analysis and related configuration
- Serves as a Subject Matter Expert (SME) in the field of application security.
- Performs security design review, threat modeling and architectural/system security assessments, to ensure that solutions are being designed with a minimal degree of technical risk. The incumbent works to identify, triage, and provide remediation guidance of vulnerabilities within software applications and systems, using a variety of tools, techniques, approaches, and methodologies.
- Security testing of applications using static testing, dynamic testing, and application penetration testing
- Security assessments, risk analysis, recommend security requirements, participate in code reviews, provide security defect remediation guidance, and serve as a consultant to other business units while acting as an Application Security Subject Matter Expert (SME)
- Supports the enterprise security architecture and provides technical expertise to troubleshoot and solve problems as needed.
- System Administration of an application scanning platform such IBM AppScan is not required, but would be of value to the role.
Skill | Required / Desired | Amount | of Experience |
Experience Administering IBM AppScan Enterprise (not the Standard Edition) | Nice to have | 3 | Years |
Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) | Required | 3 | Years |
Windows, Unix, Linux and related system engineering experience | Desired | 3 | Years |
Java and .NET development experience | Nice to have | 3 | Years |
Working knowledge of LDAP, Active Directory & Security Groups | Required | 3 | Years |
Working knowledge of SSL/TLS protocols and certificate-based solutions | Desired | 3 | Years |
Working knowledge of cryptography, including encryption and hashing | Desired | 3 | Years |
Familiarity with OWASP Top 10 | Highly desired | 3 | Years |
Java and .NET software development experience | Nice to have | 3 | Years |
Basic database programming (SQL, Stored Procedures, etc) experience | Desired | 3 | Years |
Familiarity with the Software Assurance Maturity Model (SAMM) | Highly desired | 3 | Years |
Bachelors or Masters Degree in Information Technology, Computer Science, Engineering or related | Highly desired | 4 | Years |
Security Certification (CISSP or other) | Nice to have | 1 | Years |
Experience performing application scanning with an enterprise application scanning platform/tool | Required | 3 | Years |
