Responsibility

• Responsibility for the security of LFG applications and services
• Conduct design review, code review, and dynamic analysis
• Identify, communicate, and drive the resolution of vulnerabilities
• Serve as a subject matter expert for application development and infrastructure teams
• Communicate effectively with a wide variety of technical levels
• Perform security assessments of web and mobile applications
• Research and advocate for new security solutions and technologies
• Stay current on security trends, vulnerabilities, and testing methods
• Contribute to related policies, standards, and supporting documentation

Education

• Undergraduate degree or 4+ years of comparable work experience
• OSCP, OSWE, ISC2 CISSP, CSSLP, GIAC GWAPT, GIAC GSSP-Java, GIAC GSSP-NET Preferred

Experience

• 5-7+ years of experience in Information Technology that directly aligns with the specific responsibilities for this position
• Extensive experience in web application security
• Strong knowledge of application security throughout the SDLC
• Experience with agile delivery practices
• Experience integrating security into DevOps practices.
• Experience conducting source code review preferred
• Experience using static application security testing tools such as Fortify, Checkmarx, Veracode, etc.
• Experience dynamic analysis with tools such as AppScan, Webinspect, BurpSuite, and OWASP ZAP, etc.
• Familiarity with related network infrastructure, such as firewalls, WAFs, and IPS
• Familiarity with common DMZ architectures
• Prior financial services experience preferred
• Agile Mindset; awareness/understanding of Agile methodologies