|Location||Leeds, United Kingdom|
|Date Posted||March 26, 2018|
We currently require a contractor for a 6 month assignment within the development function of our ever growing client. The role is for an Application Security Consultant who will be involved in a wide scale secure code review. Candidates from Applications Risk will be considered but extensive experience across the full lifecycle is required and ideally with someone having an broad coding background. The rate is open to negotiation and we have a little flexibility with start dates. Further details are below:
" Gap analysis of current SDLC approach against best practice.
" Define the roles and responsibilities for secure development and testing
" Develop the plan of improvement and deliver
" Update and publish standards, processes and procedure for secure development
" Select and implement tools for code analysis
" Develop MI and appropriate KRI's associated with identification and resolution
" Develop a training and awareness plan for staff and deliver
" Develop testing checklists around Information Gathering, Configuration and Deployment testing, Identity management testing, authentication testing, Data Validation, Error Handling, Cryptography etc…
" Develop a threat model
" Develop functional and non-functional test requirements
" Awareness of network security, solution design, testing framework and functional code
" Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
" 5 (or more) years of demonstrated experience in product development, strategy, and market research
" Previous professional information security experience, with penetration testing or "breaker" experience. CEH, CHFI preferable.
" Experience of working in waterfall and agile lifecycles.