Manager - Application Security/Penetration Testing

Alpharetta, GA
Information Technology, Telecommunications
Employment Type: Full time

Job Description:

Manager of Application Security/Pen Testing

Location: Alpharetta, GA

Position Type: Perm


Hands-on Application Security Engineer/Pen Tester responsible for leading a team of 2 application security engineers. Responsible for application security across the whole SDLC, from requirements to testing. Agile product owner for Security; prioritizes security requirements, security defects and other security work items for the team. Conducts penetration tests/web app assessments of company-developed applications. Manages and maintains penetration testing tools and validates findings as needed.

Skills: OWASP, SAML, Penetration testing, pen testing, vulnerability management, SDLC, network security, Scripting, AJAX, Apache, SOAP, Windows, Linux, WebLogic, WebSphere, XML, Tomcat, SAS, IIS, Oracle, SQL


Agile Product Owner for Security; prioritizes security requirements, security defects and other security work items for the team

Manages and audits the code review process within the SDLC

Works with QA to validate security functionality

Scans release candidates to detect vulnerabilities prior to release at end of sprint cycle

Maintains an annual schedule and executes penetration tests against the corporate portfolio of applications

Provides security training to engineering staff (OWASP, Secure Coding, etc.)


Prior experience leading or managing a team

Strong web application penetration testing experience

Knowledge of HIPAA, PCI, SOC1/2, HITRUST, and SOX audit requirements

Knowledge of the software development life cycle in a large enterprise environment

Knowledge of Agile and DevOps methods and related security controls

Experience performing code review

Programming background (C++/Java, Perl, Python, Shell)

Understanding of various web application architectures

Understanding of server- and client-side application development

Web services technologies like XML, SOAP, and AJAX


Technical knowledge of security products, cryptographic suites, authentication

Operating Systems: Windows and Linux.

Web Servers: IIS, Apache

Middleware software: Oracle's WebLogic, IBM's WebSphere, Apache Tomcat

In-depth knowledge of proxying tools such as Paros, Burp, WebScarab, and Achilles "fault injection"

Experience with any of the commercial application scanning tools (Acunetix)

Experience with any open source tools like Whisker and Nikto

Networking tools, such as Nessus and nmap

CEH, LPT, OSCP, CISSP certifications preferred but not required
