Position: IT Security Auditor
Location: Dimondale, MI
Duration: 1 Year
Job Description:
Functional Knowledge:
- Chrome/Firefox/Edge Development tools to see the request/response headers
- Experience with Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud) a must.
- Experience with Coverity, BlackDuck, STRM, Fortify a plus
- HTTP Request/Response headers for web and Restful API calls
- Ability to explain in detail any of the OWASP top 10 vulnerabilities
- Cross Site Scripting, Injection attacks, SSRF, CSRF, XML entity, etc.
- API Security
- JWT
- OAUTH/OIDC/PKCE
- Web, API replay attacks
- High-level understanding of containers
- Cloud development experience (Azure, AWS, GCP)
Minimum of 5+ years of total IT related experience.
3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
Top Skills & Years of Experience:
3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
Ability to pass a CJIS background check
