"Alerted.org

Job Description

* Note: Onsite in Hyderabad 2x week. *

The Application Security Developer IV will work closely with both engineering (development) teams and the Information Security group to make sure that RealPage applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, Implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role.

PRIMARY RESPONSIBILITIES

Shift-Left security in Software Development Life Cycle (SDLC) for various applications.

Provide guidelines, tooling, best practices and implement for:

o SAST

o Dynamic Application Security Testing (DAST)

o Software Composition Analysis (SCA)

o Runtime Application Self-Protection (RASP)

Provide guidance and coaching to teams regarding security remediation efforts

Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines

Work with teams to ensure dependency scans are also part of their development process and pipelines

Provide ongoing improvements and awareness training on new application threats and remediation techniques

Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation

Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities

Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk

Provide guidance to teams on proper storage and retrieval of application secrets

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form (https://airtable.com/app21VjYyxLDIX0ez/shrOg4IQS1J6dRiMo) . The EEOC "Know Your Rights" Poster is available here (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12ScreenRdr.pdf) .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Skills and Requirements

- 8+ years software development experience,

- Familiarity with SAST, DAST, SCA Scans

- C# .net development primary skill set

- Python or Java Secondary skill set

- Some cloud exposure with hyperscalers preference is azure, aws or gcp is fine

- attention to Code quality. Think of security as part of development, not an afterthought! fortify on demand

invicti net sparker null

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].