Offer summary

Qualifications:

Minimum of 3 years of experience with Java, including Apache and Spring frameworks., Experience in designing and implementing enterprise security controls for applications and infrastructure., Proficiency in supporting Static and Dynamic Application Security Testing and IDE plugin environments., Knowledge of web application security standards such as OWASP Top 10, CVSS, CWE, and experience with penetration testing..

Key responsibilities:

Collaborate with clients and application teams to maintain application security.

Remediate security defects and promote a security-first approach.

Lead security discussions and advise on best security practices during development.

Conduct security testing, create security requirements, and develop threat models.

Job description

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Key Responsibilities:

Collaborate closely with clients and the application community to maintain a resilient security posture for high-visibility applications.
Remediate application security defects collaboratively with the application security team, emphasizing a security-first mindset.
Lead security discussions with application teams to prescribe and implement best security practices throughout the development lifecycle.
Conduct dynamic and static application performance testing, create security requirements, and generate threat models using tools such as SD Elements.
Utilize the latest OWASP frameworks to enhance application security.
Stay updated on web application security standards, including OWASP Top 10, CVSS, CWE, WASC, and SANS-25.

Basic Requirements:

3+ years of experience with Java, including expertise in Apache and Spring.
3+ years of experience in designing and implementing enterprise security controls to secure applications, systems, networks, or infrastructure services.
3+ years of experience supporting Static Application Security Testing, Dynamic Application Security Testing, and IDE Plugin environments.
Experience with Eclipse, JDeveloper, including pipeline development, or Visual Studio.
Expertise in enterprise web application security and understanding of OWASP Top 10.
Familiarity with web protocols and command-line tools.
Proven experience in penetration testing.
Knowledge of Linux or UNIX environments, including basic website connectivity navigation and troubleshooting.

Additional Requirements: Experience with capabilities and tools of Interactive Application Security Testing.

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

What information we collect during our application and recruitment process and why we collect it;
How we handle that information; and
How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.

Required profile