Application Security Specialist
As an Application Security Specialist, you will be a key member of Arm’s Threat & Vulnerability Management team, contributing to the development and operation of the Threat and Vulnerability Management program. You will identify vulnerabilities using Infrastructure & Web Application scanning tools and methods or from sources such as bug bounty disclosures, security incidents, red team, and penetration testing. You will validate findings, prioritize risk within the context of our environment, assign to the correct owner, and follow up on status. This role requires a strong background in security as it relates to platform infrastructure, application security, and aspects of network/cloud infrastructure security.
What you will do:
- Scope and perform security reviews of web applications, mobile applications, and private and public cloud environments.
- Assist project teams on scoping.
- Develop and implement workflows to automate security testing and vulnerability detection for the software development lifecycle.
- Promote a culture of security by leading security awareness training while communicating vulnerabilities to IT, development, and engineering teams.
- Identify architectural deficiencies and implement vulnerability mitigation strategies to address them.
What we are looking for:
- BS degree in Computer Science, a similar technical field of study, or equivalent practical experience is required.
- 5 years of security-related experience, including at least 1 year of experience in penetration testing, including mobile & web applications.
- Understanding of vulnerability classes (OWASP) and how they can be exploited.
- Experience analyzing risk and prioritizing vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack.
- Experience validating vulnerability reports from Penetration Testing, Red Team and Bug Bounty disclosures.
- Understanding of the overall threat and vulnerability management process, including metrics to measure performance.
- Experience working with APIs to automate manual tasks.
- Exposure to security testing methodologies applied to supporting CI/CD pipelines and deploying software releases.
- Expertise with vulnerability and DAST scanners such as Qualys & Netsparker.
- Experience with Azure, AWS & Akamai.
- Certifications such as GIAC, SANS, CISSP & OSCP are advantageous.
Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of any characteristic.