Lead Application Security Consultant (Job Number: 171938)
Kaiser Permanente - Greenwood Village, CO


As a member of the KP Information Security team, the Application Security Consultant is responsible for application security initiatives that help secure KP applications and data.

This individual will help set the direction and be responsible for the rollout and operation of the following services:

Static code analysis

Review automated static code analysis results and perform manual code reviews

Work with developers and application owners to integrate static code analysis functionality into the SDLC

Train staff on the use of static analysis tools and code review

Web Application Scanning

Review results from automated tools

Perform manual application testing (minimal)

Work with application owners to set up automated scans of target applications

Web Application Firewall (WAF)

Identify applications that will be protected by the WAF

Tune WAF rules, review alerts, identify issues

Train staff on web application security issues and scan results

Work with developers and application owners to mitigate application security vulnerabilities that are discovered

Accountable for analyzing, validating, and planning application security services to expand coverage throughout KP

Develop and deliver metrics to measure progress and improvement for all services

Contribute to overall strategy and roadmap for continuous improvement of application security capabilities

Accountable for identifying technical and process deficiencies and risks with current or new systems and recommending risk management strategies

Opportunity to expand responsibilities into project and technical management roles
Qualifications
Basic Qualifications:
• Bachelor's degree in a related field and/or 4 years of equivalent experience.
• A minimum of 8 years of experience in solutions consulting including defining requirements, developing solution alternatives and estimates and translating client's business requirements into specific systems, applications or process designs for large complex IT solutions.
Preferred Qualifications:
• Must have a security background and an understanding of risk-based approaches to prioritizing activities.
• Must be able to effectively communicate risk to business partners in non-technical terms.
• At least 10 years of systems experience with application development, application security, information security, networking in a large-scale (1000+ servers), customer facing, highly available, distributed environment.
• Solid understanding of web application security issues
• Solid understanding of common development languages and platforms such as Java/JEE, .NET, C#, PHP, JavaScript, Flash, etc.
• Experience with mobile operating systems, iOS, Android a big plus
• Experience with Static Code Analysis tools like Fortify and Quality Center.
• Experience with Web Application Scanners like Rational AppScan, HP WebInspect, Cenzic, WhiteHat
• Experience with other web application testing tools like Burp, WebScarab, Paros, etc.
• Experience with Web Application Firewalls like Imperva and F5
• Thorough understanding of the rapidly changing computing landscape; its security related risk; and how to be proactively prepared for that change.
• Strong communication and leadership skills with the demonstrated ability to lead and influence technical professionals across the enterprise including education of fellow technology staff on detailed security requirements.
• Ability to evaluate risk based on situation and adapt security controls to match the risk.
• Comfortable with ambiguity as needs change on a regular basis with a high degree of initiative and sense of urgency.
• Excellent oral and written skills with the ability to interact with senior management, technical subject matter experts, and business customers are essential in this role.
• Ability to work on multiple, simultaneous initiatives, to which he/she will apply their applicable business, technical and system functionality.
