- Responsibility for the security of LFG applications and services
- Conduct design review, code review, and dynamic analysis
- Identify, communicate, and drive the resolution of vulnerabilities
- Serve as a subject matter expert for application development and infrastructure teams
- Communicate effectively with a wide variety of technical levels
- Perform security assessments of web and mobile applications
- Research and advocate for new security solutions and technologies
- Stay current on security trends, vulnerabilities, and testing methods
- Contribute to related policies, standards, and supporting documentation
- Undergraduate degree or 4+ years of comparable work experience
- OSCP, OSWE, ISC2 CISSP, CSSLP, GIAC GWAPT, GIAC GSSP-Java, GIAC GSSP-NET Preferred
- 5-7+ years of experience in Information Technology that directly aligns with the specific responsibilities for this position
- Extensive experience in web application security
- Strong knowledge of application security throughout the SDLC
- Experience with agile delivery practices
- Experience integrating security into DevOps practices.
- Experience conducting source code review preferred
- Experience using static application security testing tools such as Fortify, Checkmarx, Veracode, etc.
- Experience dynamic analysis with tools such as AppScan, Webinspect, BurpSuite, and OWASP ZAP, etc.
- Familiarity with related network infrastructure, such as firewalls, WAFs, and IPS
- Familiarity with common DMZ architectures
- Prior financial services experience preferred
- Agile Mindset; awareness/understanding of Agile methodologies