How you will make an impact:
· Conduct application security assessments, encompassing static application security testing (SAST), dynamic application security testing (DAST), code reviews, penetration testing, and security architecture evaluations.
· Collaborate with development teams to integrate security into the software development lifecycle (SDLC).
· Perform threat modeling, design reviews, and secure code reviews on applications and systems.
· Provide detailed explanations of common attack vectors such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) to both developers and management.
· Investigate and keep track of new threats and vulnerabilities, stay informed about current industry and technology trends and opportunities, and evaluate their effects on applications and the business.
· Work closely with Development and DevOps engineers to assess and implement security tools within development environments.
· Utilize the OWASP Software Assurance Maturity Model (SAMM) to assess, formulate, and implement a comprehensive software security strategy within the Software Development Lifecycle (SDLC).
· Develop documentation for application security metrics, policies, procedures, standards, guidelines, and training.
· Assist with Wiley’s Security Champions program by providing application security expertise to developers and SREs.
· Stay up-to-date with the latest security trends, tools, and technologies.
· Provide security training and awareness to development teams.
· Assist in the development and maintenance of application security documentation.
What we look for:
· Minimum of 2-4 years of experience in increasingly complex, security-related roles
· Strong ability to effectively communicate with colleagues at all levels in the organization, including explaining complex issues and information in simple and actionable ways.
· Expertise in core application security principles
· A strong understanding of common software development processes
· Strong leadership and strategic thinking skills.
· Experience working with a highly technical and skilled team
· Preferred experience working with SAST, IAST, DAST, RASP and other common application security solutions.
· Certifications (optional but beneficial): CISSP, CEH, OSCP, OSWE, ESEE