Enforces application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

• Manage and Monitor Sentinel (SIEM/SOAR) and Defender.

• Cyber Incident Response.
• Develop and Execute Tier 1 and Tier 2 Security Operations Center (SOC) / Monitoring Standard Operating Procedures (SOP).
• Manage security events data within Microsoft SaaS and IaaS environments.
• Monitor, Detect, and Respond to Security Events / Incidents.
• Generate, review, and brief security events and posture information.
• Familiar with Azure Security Architecture and Controls (or will complete courses / certification).

• Identify necessary improvements and work with Engineering to have them implemented, then test.

• Update Connections to Signals as needed (Snowflake, Datagaps, Github, etc).
• Alerts updated.
• Audit resource logging to insure everything is being monitored.
• Work with AO SOC on log shipping and notifications on Incidents.

Minimum Qualifications

• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.
• 8-15 years of experience in Cyber Security and working in a SOC.

Other Job Specific Skills

• Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
• In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.
• Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
• Advanced knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
• Advanced knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
• Experience with static code analysis tools including HP Fortify.
• Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools.
• Experience working with GIT source code management.
• Must have solid working experience and knowledge of Unix/Linux operating system.
• Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB.
• Understanding of Agile/Scrum methodologies is preferred.
• Experience with Axiomatics is preferred.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.