Description

Interview Process: Virtual Interview via MS Teams with 2nd round interviews being held IN PERSON at the Dimondale, MI office. Candidates submitted MUST be willing to come onsite for a face-to-face interview.


 

Long Job Description
Functional Knowledge:
• Chrome/Firefox/Edge developer tools to inspect request/response headers
• Experience with Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud) a must.
• Experience with Coverity, BlackDuck, STRM, Fortify a plus
• HTTP request/response headers for web and RESTful API calls
• Ability to explain in detail any of the OWASP Top 10 vulnerabilities
• Cross-Site Scripting, injection attacks, SSRF, CSRF, XML entity, etc.
• API Security
• JWT
• OAuth/OIDC/PKCE
• Web, API replay attacks
• High-level understanding of containers
• Cloud development experience (Azure, AWS, GCP)

 

Minimum of 5+ years of total IT related experience.
3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SAFECode, etc.)
3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
 

Education

Any Graduate