You may leave your CV on the desktop of firstname.lastname@example.org (but better just email it)
What to do?
- help design a Secure SDLC in a mixed waterfall/agile environment (OWASP SAMM)
- perform specialist appsec processes in the SDLC hands-on (design review, Java code review, testing, etc.)
- help properly set up automation in CI/CD (so HP Fortify / HP WebInspect suck less)
- basic performance testing to ensure system’s Availability (optional)
- lead an appsec team that will be built by you and around you
What to know?
- all parts of Secure SDLC - Governance, Design, Implementation, Verification, and Operations. Understand and clearly communicate the processes that minimize software vulnerabilities, and be able to give specific examples and realistic how-tos
- web app security, in-depth and hands-on
- English - upper-upper-intermediate+ or advanced; the customer team is all foreign
What’s the project?
- multiple web apps, predominantly Java
- Saudi government agency - NOT defense/intelligence, public web apps