Hello,
Hope you are doing well.
We have an opportunity for Lead API Security Test Automation with one of our clients in Reston, VA (Remote till Covid)
Please see the job details below and let me know if you would be interested in this role.
If interested, please send me a copy of your resume, your contact details, your availability and a good time to connect with you.
Position : Lead API Security Test Automation
Location : Reston, VA (Remote till Covid)
Duration : 12+ Months Contract
Note: Exp - 12 + years Total
Job Description:
• 5+ years' experience reviewing project architectures and solutions.
• 6+ years' experience leading application security architecture efforts that require close collaboration with project teams and business stakeholders.
• Foundational and functional understanding of how API works (RESTful, SOAP)
• Understanding of API security - specifically on common controls for API security (SSO, OAuth, Threat Protection)
• Security elements of API gateway integrations of API - WAF, Websockets
• Familiarity of Identify and Access Management - AWS IAM integrations
• Proficiency in AppSec and Web services security.
• Ability to facilitate communications to business stakeholders and interact effectively with all levels of management.
• Ability to work in a highly collaborative environment and be comfortable with ambiguity.
• Exceptional experience influencing collaborating and negotiating positive outcomes across stakeholders in highly matrixed organization.
• Experience with Enterprise Architecture frameworks such as TOGAF, DoDAF, FEAF etc.
• Ability to lead Security Architecture consultation with other parts of Information Security, Enterprise/Business/Data Architecture, IT and Business partners, and peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and company policies and standards and are compliant with the required frameworks (ISO, SOX, SWIFT, OWASP, NIST Cyber Security, etc.).
• Ability to develop repeatable application security architectures working with internal and external partners. Contribute to the development of architectural reference material to ensure that security practices are being implemented in a repeatable fashion.
• Partner with EA Portfolio and Initiative Architects to assess security threats, identifying and tailoring security requirements, and integrating security controls into the Software Development Lifecycle (SDLC).
• Ability to document and diagram technical systems and architectures.
• Experience in an environment using agile methodology.
• Demonstrated experience integrating security within the various cloud service models (e.g., IaaS, PaaS, SaaS). Able to identify the appropriate security solutions for various cloud implementations. Able to architect, implement, and document system security controls.
• Ability to review system documentation for proposed projects (e.g., system requirements, detailed design/architecture, interface documents, etc.), identify security gaps and provide security recommendations to address those gaps, and complete risk profiles for cloud computing solutions.
• Ability to advise and approve of changes and architectures for assigned areas from an application security perspective.
• Ability to perform as a subject matter expert and contribute to the development of company security policy and procedures.
• Ability to lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally).
• Ability to assess risk to applications associated with emerging threats and threat vectors.
• Previous industry experience with application security including static code review, automatic code scans, and security architecture review, penetration testing, and mitigating application-level vulnerabilities.
• Strong knowledge of networking, Unix/Linux, virtualization, authentication, cryptography. Must be fully conversant up and down the technology stack. Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across the technology stack.
• Must have solid knowledge and understanding of securing all major operating systems.
• Demonstrated working knowledge of major cloud platforms; AWS, Azure, SalesForce, ServiceNow, etc.
• Expert knowledge of the operating system, application, network, and database security architectures.
• Development background particularly building enterprise applications (Java Preferably)
• Excellent verbal and written communication skills.
• Applicable security certifications desired; CISSP, CEH, GIAC, GSEC, or CSSLP or advanced degree in InfoSec.
Mandatory Skills:-
• Strong experience in working with any of below API Security testing tools / frameworks:
• Data Theorem, Synopsys, Ready API, Traceable, JMeter, Postman
• Experience in building security test automation framework for API's
• Design, develop automated test scripts to validate integrity of application components, API's and frameworks
• Identify vulnerabilities across of your API's
• Hands on experience with automation of API's using SOAP UI and RESTful API's
• Experience with Test automation of API's
• Scripting automation using Java or Python based frameworks
Regards,
Rajan Kumar
Technical Recruiter
Expedent Corp | 7423 Las Colinas Blvd, Suite#102, Irving, TX 75063
Direct: +1 (732-444-4696)| Phone / Message : +1 (419-359-3807)
Email: rajan.k@expedent.com
www.expedent.com (E-Verify)
LinkedIn ID:- linkedin.com/in/rajan-kumar-chauhan-823523222
Please note - USC/Green Card candidates are always preferred on our positions…..
We respect your online privacy. If you would like to be removed from our mailing list please reply with "Remove" in the subject and we will comply immediately. We apologize for any inconvenience caused. Please let us know if you have more than one domain. The material in this e-mail is intended only for the use of the individual to whom it is addressed and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended recipient, be advised that the unauthorized use, disclosure, copying, distribution, or the taking of any action in reliance on this information is strictly prohibited.We are an equal opportunity employer with a diverse workforce
