Application Security Developer
The Motley Fool
 Alexandria, VA

Do you believe that there are never too many locks on a door or that there's no such thing as too much security? Can you think like an attacker and anticipate the ways bad actors may gain access to a computer system? If so, The Motley Fool may have a job for you.

We're looking for an Application Security Developer to join our Cybersecurity Team working with development teams to collaborate on strategy, help design secure solutions, and build standards for how these solutions should be securely implemented and maintained.

Key duties of this position will include:

  • Design, build, and implement enterprise-class security systems for a production environment
  • Conduct secure code scanning and analysis, reporting on results and mitigation proposals
  • Design development security capabilities to mitigate emerging threats
  • Identify security gaps in existing and proposed architectures and recommend improvements
  • Write code, perform testing and debugging of applications

When applying, please send us your Foolishly-written cover letter and resume. We're ready to be impressed.

What you'll be doing:

  • Build relationships by collaborating with development teams and stakeholders by:
  • Dynamic & static application security testing
  • Identifying security requirements and delivering security risk assessments
  • Conduct code reviews for secure development
  • Performing manual and automated security testing
  • Performing forensic and investigative activities
  • Develops and communicates secure application development standards - Security by Design
  • Identifying & developing metrics, creating reports on application security analytics & mitigations
  • Helps the security team define and administer identity & access role workflows

Qualifications:

  • 5+ years secure programming experience with Django, Python for web-based applications and online services
  • In-depth understanding of Application Security Vulnerabilities and Standards (OWASP)
  • Experience with secure code analysis and scanning solutions, automation and integration into the development process
  • Strong understanding of application security architecture and proven ability to articulate the best practices for application security
  • Security certifications: GWEB, CEH, CISSP-ISSAP considered a plus
  • Security capabilities of relational databases (Microsoft SQL Server, Postgresql) considered a plus

General skills include:

  • Exceptional communication skills, including the ability to explain technical topics to those without a technical background
  • Collaboration and persuasion, including the ability to work with teams and drive initiatives in multiple departments
  • Critical thinking and troubleshooting