Application Security Specialist
- Contract
Company Description
Engineering
Job Description
Title: Application Security Specialist
Location: Cambridge, MA
Duration: 6 Months(Extendable)
Roles & Responsibilities:
• Creating application security related policies & processes
• Creating an RFP for selecting a service provider for application security
• Analysing RFP results and presenting them to stakeholders
• Coordinating vendor product demonstrations and presentations
• Analysing application security products from various vendors
• Conducting pilots or POCs with selected vendors for threat modelling, architecture reviews, code scanning and penetration testing
• Collaborating with cross-functional teams and getting their buy-in; managing project deadlines
Skills:
• Good mediation and facilitation skills
• Good knowledge of IT Project Management
• Experience with compliance and security requirements related to medical devices, including data privacy
• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, COBIT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
• Knowledge of OWASP, the SDLC, encryption, identity and access management, and data integrity measures
• Capability to design application security related policies and processes
• Deep knowledge of the integration between security and the system development life cycle
Experience:
• 10+ years of working experience
• 3+ years as an IT security expert
• Broad and in-depth technical, analytical and conceptual skills
• Experience in reporting to and communicating with senior level management
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiences, and to audiences with and without a risk management background
• Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes
• Proven experience creating new processes or improving existing ones
• Application security, application architecture, MS Office
• Understanding of the OWASP Top 10 and the CWE/SANS Top 25
• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor/practitioner, is preferred
• Professional (information system) risk or audit certification, such as CIA, CISA or CRISC, is preferred
Qualifications
Undergraduate degree in Computer Science or a relevant field is required; a Master's degree is preferred.
Additional Information
All your information will be kept confidential according to EEO guidelines.