· Perform web application scanning on target applications and provide reports documenting the issues, including actionable recommendations for remediation
· Working closely with development teams to provide input and education on identified security issues
· Set up, conduct, and evaluate DAST scans, review results for false positives, and give actionable guidance on remediation to Application teams
· Produce, review, and document information, processes, and procedures for teams moving from DevOps to DevSecOps
· Stay current on Application Security testing industry vulnerabilities, technologies, tools, and skills, and make recommendations for use based on business value
· Application Security experience in large scale environments
· 5+ years of hands-on experience in application security testing and/or penetration testing
· Ability to translate technical risk issues and distill them for IT business leaders and upper management
· Experience installing, upgrading, maintaining and running SAST tools (Checkmarx preferred)
· Experience installing, upgrading, maintaining, running, and expanding coverage of DAST tools (Acunetix preferred)
· Knowledge of Open Source security, ideally experience with Black Duck Hub
· Experience interpreting SAST and DAST results and explaining them to development teams
· Extensive experience with application security testing tools, such as Acunetix, Qualys Web App Scanning (WAS), Burp Suite, OWASP ZAP, etc.
· Proven effectiveness in collaborating across teams/disciplines, including but not limited to software Developers, Testers, and others outside the security organization
· Continuously refresh technical skills and knowledge
· Effective written and verbal communication skills
· Ability to work both independently and as part of a team
· Ability to think strategically, with strong attention to detail and organizational skills
· Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent experience, required