POSTED Feb 22

Application Security Manager

Cyber Security Application Security Manager

Position Summary

Companies increasingly depend on information technology (IT) to conduct daily business activities, so they need to secure and control their technology infrastructure. Grant Thornton’s Cyber Risk Advisory Services practice addresses these security and control issues. We are looking for consultants with extensive consulting, technological and industry experience who will help our clients solve their complex business issues from strategy through execution. A Cyber Risk consulting career will provide the opportunity to grow and contribute to our client(s) business issues every day, applying a collection of information and Cyber security capabilities, including security and privacy strategy and governance, IT risk, security testing, technology implementation/operations, and cybercrime and breach response.

Our Application Security (AppSec) services help clients understand the current application security risk landscape, make cyber security a collective priority, and develop and implement solutions across people, processes, and technologies. We provide the foundations to design, manage and operate an application security program aligned to a business strategy and increase organizational resilience in the face of an ever-changing threat landscape.

Essential Duties and Responsibilities

Adhere to the highest degree of professional standards and strict client confidentiality.
Execute assigned client engagements from start to finish, which includes the engagement planning, directing, and completion of those engagements to budget.
Recommend strategies to modernize application security programs using DSOMM, CI/CD, and SLSA frameworks.
Execute manual/tool-driven threat modeling and security testing.
Execute Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Programming Interface (API) security testing, Software Composition Analysis (SCA), & Manual Penetration Testing (MPT), network, database, and wireless vulnerability assessments.
Execute security scanning/testing of modern applications at code, container, API, Web, Mobile, and cloud layers.
Execute application security program-level assessment using industry best practices, such as Agile, NIST, and SAFECode.
Assist clients in planning and executing remediation plans identified in assessment activities.
Work with the client to plan an engagement strategy, define objectives, and address technology-related controls risks and issues.
Proactively interact with key client management to gather information, resolve problems, and make recommendations for improvements.
Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Participate in professional development activities and training sessions basis regularly.
Other duties as assigned.

Qualifications

Minimum Year(s) of Experience: 5 years.
Bachelor’s degree in Information Technology, Computer Science, or a related field is required.
Masters in Cybersecurity, Information Systems, or Business Administration is preferred.
Certification (s) Preferred: Certified Information Systems Security Professional (CISSP), GIAC Certified Web Application Defender (GWEB), Certified Application Security Engineer (CASE), Certified Application Security Specialist (CASS), SANS SEC540 Could Security and DevSecOps Automation, and Certified DevSecOps Professional (CDP).
Complete understanding of Industry Standards/frameworks such as DevSecOps, NIST, ISO 27001, PCI-DSS, etc. is necessary.
Demonstrate proven and extensive abilities in solving complex application security issues, including the following areas:
- Design and development of application security programs using industry frameworks and methodologies.
- Perform threat modeling for legacy/modern applications.
- Implementation and maintenance of enterprise-wide Secure SDLC and DevSecOps framework.
- Assessment of enterprise-wide business risks and cyber threats.
- Development of detailed business risk scenarios and cyber threat models.
- Design and implementation of application security controls.
- Monitoring and reporting of application security risks, threats, and vulnerabilities.
- Hands-on experience using tools and technology to perform SCA, SAST, DAST, and IAST assessments.
- Hands-on experience using one or more testing tools such as SonarQube, Veracode, Fortify, IBM AppScan, Burp Suite, and OWASP Zap.

Skills Preferred

Three years of software development or security testing in one or more of the following Java and Microsoft. NET, C/C++, Ruby on Rails, Python, JavaScript, React, GoLang, Node.js, or C# based applications.
Take ownership of your work by performing self-reviews of all the work performed.
Produce high-quality deliverables on client engagements requiring little re-work. Ensure they are on time and well organized.
Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
Ability to deal with ill-defined problems and propose coherent solutions for the client.
Execution of assigned client engagements from start to finish, which includes engagement planning, directing, and completion while managing those engagements to budget.
Manage the team comprising seniors and associates and maintain professionalism across the team.
Apply current knowledge of software development trends to identify security and risk management issues and other opportunities for improvement.
Assist clients in developing and executing risk management activities.
Participate in client calls as Security SME; provide solutions best fitted to the requirement and in line with the industry best practices.
Ability to work additional hours and travel domestically as needed.

Apply for job View all jobs posted by this company

Apply Now!

Resume

Cover letter

Making my way into IT was a little bit of a fluke. I was working in a Tier 2 customer support position that had some good technicality built into it with troubleshooting, some data gathering, customer service as well as a lot of documentation and process building. Our IT directors took notice and requested that I be transferred over to his team.
I worked both our IS and IT help desks congruently for about six months. On top of your standard day to day troubleshooting, employee setup, onboardings, offboardings, scan and logs, I was also responsible for researching and deploying a few different apps that were added to our internal tech stack for all our users to have. Creating accounts for new employees, mananing current access levels as well as removing access upon a termination all fell into my wheel house. I also would be in charge of configuring different SMAL2 federated accesses, Zapier apps, Salesforce apps, Slack apps, Zoom configurations and so on. Building up infrastructures was m bread and butter and I loved it.
I do have plenty of experience executing code, most of which was on Apple hardware with our JAMF MDM. I’d regularly have to troubleshoot with bash since the client doesn’t have a GUI type interface. I also used a lot of powershell for network troubleshooting and have been sleeping, drinking and eating Linux recently in my security studies. I haven’t done much in line of scripting automations yet, but I could learn than very quickly.
I’ve been exposed to a vast array of IT that most people don’t get within just their first 3 years of sitting at a help desk, and I am very grateful for that.
 
Completed Certifications:
CompTIA A+
 
Currently Pursuing:
CompTIA Sec+
 
Future Training:
CompTIA Net+
CompTIA PenTest+

Cover letter

Dear Hiring Manager,

With a Bachelor’s degree in Crime, Law, and Justice, and certifications in Security +, GIAC Security Essentials (GSEC), NJ Police Certification, and ACT 120 Police Certification (Pennsylvania), I have a strong foundation in law enforcement and security.

My work experience as a Police Officer with the Delaware River Port Authority Police Department and as a Sr. Investigations Technician with the Target Investigations Center has provided me with a wealth of experience in various areas of law enforcement, including criminal investigations, fraud detection, loss prevention, and cybersecurity essentials. I have worked alongside local, state, and federal law enforcement agencies to investigate and prosecute a wide range of crimes, both domestically and internationally.

In addition to my technical skills, I have a strong understanding of the importance of effective communication and collaboration. As a Police Officer, I have worked alongside various agencies, including the Philadelphia Police Department and Camden Metro PD, to maintain a secure environment for commuters and employees. I am also well-versed in developing presentations and reports to portray the impact of crimes to law enforcement and other stakeholders.

I am confident that my skills, experience, and commitment to excellence would make me a valuable asset to your team. I am excited about the opportunity to contribute to your organization’s mission and goals.

Thank you for considering my application. I look forward to the opportunity to discuss my qualifications further in an interview.

Sincerely,
Azad Armani

Cover letter

Curtis Gift
Manahawkin, NJ | (848) 234-5873
curtisgift7@gmail.com | linkedin.com/in/curtis-gift-469b51259

Dear Director of Human Resources:

As a resilient individual with Advanced Cybersecurity training, valuable professional experience, and highly transferable leadership skills, I welcome this opportunity to submit my application with your organization. I offer a vision-driven approach to decision making, strategic planning, and tactical implementation that I am excited to bring to your team. I am recognized for my ability to motivate teams to achieve results beyond expectations while maintaining unwavering integrity and a tenacious work ethic. These professional qualities, among others, place me in an excellent position to provide impactful value to your organization.

The following professional attributes represent the value I can deliver in this new role:

♦ Accomplished leader with experience providing high-quality customer service and the ability to develop valuable professional relationships through a commitment to trust and transparency.
♦ Tactical thinker and skilled problem-solver with the ability to work with customers to gather equipment and related cyber security information and refine project requirements. 
♦ Authentic and relatable individual with a unique capacity to create a people-centric environment; able to identify important questions, define key metrics, and cultivate a data-driven decision-making culture. 
♦ Versatile and dependable professional with inspiring leadership ability, excellent communication skills, and the capacity to perform software product demonstrations; able to generate new sales opportunities within established and new customers accounts. 
♦ Innovative professional with a clear sense of purpose and urgency when faced with diverse situational obstacles; inspired by big challenges with a passion for helping others succeed through shared learning.  
♦ Extensive use of strategic thinking skills, creativity, and sound judgment to drive multiple, complex streams of work with a keen sense of when to act boldly and when to take time to contemplate alternatives.

I am known to be an imaginative professional with the ability to align organizational goals with technical capabilities. I approach each day with passion, inspiration, and enthusiasm and consistently apply my proven expertise and ongoing professional development to meet and exceed all objectives put before me. Further examples of my skills and achievements are outlined within my resume. As you will see, I am dedicated to partnering with a team with the same passion for growth and success.

I look forward to the opportunity to discuss with you how I can meet and exceed the demands of this role in order to advance the overall mission of your organization.

Sincerely,

Curtis Gift

Cover letter

Apply for job View all jobs