Posted:2 days ago|
Platform:
On-site
Full Time
The Application Security Developer IV will work closely with both engineering (development) teams and the Information Security group to make sure that RealPage applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, Implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role. PRIMARY RESPONSIBILITIES • Shift-Left security in Software Development Life Cycle (SDLC) for various applications. • Provide guidelines, tooling, best practices and implement for: o SAST o Dynamic Application Security Testing (DAST) o Software Composition Analysis (SCA) o Runtime Application Self-Protection (RASP) • Provide guidance and coaching to teams regarding security remediation efforts • Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines • Work with teams to ensure dependency scans are also part of their development process and pipelines • Provide ongoing improvements and awareness training on new application threats and remediation techniques • Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation • Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities • Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk • Provide guidance to teams on proper storage and retrieval of application secrets
• 5+ years C# .NET
• Web API
• SQL
• Deep familiarity with the OWASP Top 10 and other security concerns for web applications
• Familiarity with OWASP Application Security Verification Standards (ASVS)
• Familiarity with SAST, DAST, SCA Scans
• Preferred: python or java
fortify on demand invicti net sparker
Insight Global
Upload Resume
Drag or click to upload
Your data is secure with us, protected by advanced encryption.
Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.
We have sent an OTP to your contact. Please enter it below to verify.
Instantly access job listings, apply easily, and track applications.
Practice Python coding challenges to boost your skills
Start Practicing Python Now
Hyderabad, Telangana, India
Salary: Not disclosed
3.0 - 4.5 Lacs P.A.
Pune, Maharashtra, India
Salary: Not disclosed
Pune, Maharashtra, India
Salary: Not disclosed
noida, uttar pradesh
Salary: Not disclosed
4.0 - 8.0 Lacs P.A.
Bengaluru
6.0 - 10.0 Lacs P.A.
Pune, Maharashtra, India
Salary: Not disclosed
Pune, Maharashtra, India
Salary: Not disclosed
Hyderabad
15.0 - 17.99988 Lacs P.A.
