What you’ll be doing...

Join our Application Security team where you will be the technical lead for the Static Analysis Software Testing (SAST) team. You will be well versed in the following: Secure SDLC, Static Analysis Tools, Code Review, PCI/DSS, OWASP Top 10 and Secure Open Source Security solutions.

This role will drive the strategy and extend implementation of systems that support SAST across the enterprise. As part of the SAST team, this role will apply their knowledge and skills to drive the SAST process, identify and solve issues focusing on implementation and continuous improvement.

This role will also be responsible for leading multiple cross-functional teams to enforce secure-by-design practices in applications across the enterprise, balancing risk reduction and operational challenges. This role will drive the rollout of SAST (Code and OSS scans) across all Verizon applications, while maintaining existing quality.

Responsibilities:

  • Perform OSS and SAST Code Review sessions with development teams to remove Secure Code Defects from code. Train development teams, driving the SAST process for automation, self-service and self-reliance. Respond to Service Requests within the SAST/OSS 2-day response ELA requirement. Support junior team members for both Code Review and OSS, as needed. Coordinate and manage escalations to meet ELAs and KPIs.
  • Process review and improvement. Provide development teams with secure application architecture and designs (i.e. threat modeling concepts), which improve applications' security posture and protect the Verizon brand. Maintain current knowledge of industry best practices, while reviewing Verizon AppSec Secure Code and Design Practices, advising management of improvements to maintain and improve Verizon standards. Identify problematic areas around SAST management in a distributed environment, asset tracking and change management, and work with the SAST and Infrastructure teams to define and implement enhancements.
  • Review and investigate SAST process and architecture to maintain and exceed established KPIs, while advising the SAST team and management of KPI improvements that provide more value. Investigate possible SAST tool improvements, based on incumbent tool deficiencies, owning and performing challenging tool POCs to completion, including recommendations.
  • Serve as SAST team ambassador/evangelist. Present updates and specific status, as requested, to upper management (ED and above). Actively participate in, contribute to and lead the weekly SAST Standards meeting to help address and resolve vulnerability issue challenges within the SAST team, thereby providing a consistent message to development teams. Present quarterly SAST AppSec brown bag lunches to the Verizon development community.
  • Keep up-to-date with the application security industry and vulnerabilities to contribute to Verizon IP. Participate in SAST platform security architecture design proposals. Contribute to patent submissions. Submit research papers. Attend conference events/speaking presentations.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or six or more years of work experience.
  • Six or more years of relevant work experience.
  • Information security experience.
  • Experience with SAST/DAST.

Even better if you have:

  • A degree in Cybersecurity.
  • Certifications: CISSP, CSSLP or willingness to obtain within 9 months of start date.
  • Business acumen to support the implementation of SAST across the enterprise.
  • Ability to perform code reviews with minimal assistance.
  • Experience with two or more of the following application build environments: Visual Studio, MSBUILD, ANT, Jenkins, Maven, Make, etc.
  • Experience with BSIMM.
  • Experience with Web Frameworks.
  • Experience with DAST solutions.
  • Experience with Threat Analysis.
  • Experience with DevSecOps.
  • Experience with Secure SDLC.
  • Knowledge of PCI.
  • Experience with at least two SAST solutions.
  • Experience with Open Source Software.
  • Excellent communications and presentation skills (verbal and written).
  • Ability to clearly explain technical AppSec concepts to technical and non-technical personnel.

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.