Project Name: The Data Center Colocation and Migration Project

Project Name: The Data Center Colocation and Migration Project

TASKS & DUTIES:

• Objective:
  • Audit and analyze and accredit HRA/DSS/DHS Applications being moved as part of the Data Center Migration Project.
• Scope/Tasks Breakdown:
  • Evaluate Application vulnerability scan reports
  • Document application vulnerabilities found in scan reports and define vulnerabilities mitigation SLAs
  • Assess if the application vulnerabilities found in scan reports are within the Agency Risk Appetite
  • Communicate and report application vulnerability findings to Business Owner(s) and IT Heads
  • Develop application vulnerability mitigation strategy and mitigation controls to make the applications secure within the agency infrastructure environment
  • Evaluate mitigated application vulnerabilities with development teams to perform security accreditation for production deployment
  • Enforce Risk Acceptance Letter for applications seeking production deployment with unmitigated application vulnerabilities requiring approval from Business Owner(s), IT Head and CISO

REQUIRED SKILLS

• 8+ years of experience in Application Security & Industry Standards (OWASP, NIST)
• 8+ years of experience in Secured Software Development Life Cycle (SSDLC)
• 8+ years of experience in Threat Modelling & Risk Assessments
• 5+ years of experience in Application Scanning for Vulnerabilities (SAST, DAST)
• 8+ years of experience in Integration of Security in CI/CD Pipeline, DevOps, Dev SecOps (Azure, Jenkins)
• 8+ years of experience in API Security & Access Controls (OAuth, SAML, SSO)
• 8+ years of experience in Cloud Security
• 8+ years of experience in Security Frameworks (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)
• 8+ years of experience in Vulnerability Management & Penetration Testing
• 8+ years of experience in Incident Response & Security Operations
• 8+ years of experience in Security Training & Awareness
• 8+ years of experience in Agile Environment Collaboration
• 8+ years of experience in Project Management
• 8+ years of experience in Cross-Functional Team Collaboration
• 8+ years of experience in Client Engagement & Communication
• 8+ years of experience with Operating Systems: Windows Server, Apache, Microsoft IIS, Windows, Linux, VMware, Citrix
• 8+ years of experience with Technology Stack: ASP, .NET, Visual Basic.NET, Visual Basic, Cold Fusion, JavaScript, HTML, C++, C#, MS PowerApps, Python, Powershell, Shell Scripting, Selenium
• 8+ years of experience with Security Tools — Must Have: VERACODE, IBM Appscan, SD Elements, Burp Suite
• 8+ years of experience with Security Tools — Plus to Have: CHEKMARX, Fortify, Prowler, SonarQube, SNYK, Wireshark, OWASP ZAP, Rapid7, STRIDE