Philadelphia Technology Consulting Security & Privacy (Application Security) Senior Manager
About the Job
At Protiviti, we believe that a career is about more than just working, providing deliverables, and being compensated for your efforts. A Protiviti Career is about opportunities to lead, learn, grow, and make a difference. We strive to recruit and hire the best talent. But it doesn't stop there. Once you join us, we build your career through exceptional work experiences, a culture focused on learning and development, and a commitment to the things that matter to you. Are you inspired to make a difference? You've come to the right place.

JOB REQUISITION
Philadelphia Technology Consulting Security & Privacy (Application Security) Senior Manager

LOCATION
PHILADELPHIA

ADDITIONAL LOCATION

JOB DESCRIPTION
The Senior Manager is responsible for serving clients and ensuring the successful execution of projects. Managers develop lasting relationships with client personnel and seek to further these relationships through quality product delivery. The manager is responsible for understanding their client's business and demonstrating technical expertise in their product group and industry. Senior Managers develop contacts within the business community and serve as ambassadors of Protiviti in the market.

Qualifications:

General Knowledge & Skills
+ Prior project management and supervisory skills required.
+ Interpersonal skills to interact in a team environment and foster client relationships.
+ Demonstrated understanding of the importance of business ethics.
+ Sound job administration skills.
+ Above-average written communication skills, including documentation of findings and recommendations.
+ Strong analytical skills.
+ Must be able to handle highly confidential information in a strictly professional manner.
+ Must be able to maintain professional demeanor in times of high stress.

Technical Knowledge & Skills

Required:
+ Proficiency in utilization of static code analysis tools such as Checkmarx, Veracode, Fortify, etc.
+ Strong skills and proficiency in building security into the SDLC cycle, DevOps, and secure coding
+ Prior development experience is a plus
+ Experience with:
  + Automated and Manual Secure Code Assessments
  + Identification of vulnerabilities such as: SQL Injection, Cross-Site Scripting, Code Injection, Buffer Overflow, Parameter Tampering, Cross-site Request Forgery, HTTP Splitting, Log Forgery, DoS, Session Fixation, Session Poisoning, Unhandled Exceptions and Dangerous File Uploads.
  + Customized rule sets to enforce coding best practices. For example, a custom rule to ensure all data is output encoded using the OWASP Java Encoding Library.
  + Malicious Code Detection looking for hidden functionality, embedded commands, network activity and logic bombs.
+ Strong skills with Mobile application security
+ Experience with several of the following:
  + Java
  + C#
  + PHP
  + Python
  + Groovy
  + Ruby
  + Android
  + iOS (Objective-C, Swift)
  + Windows Mobile
  + C++
  + Node.JS
  + ASP.net
  + HTML5
  + VB
  + PL/SQL
  + PERL
+ Experience with dynamic application security testing
+ Penetration Testing experience is a plus
+ Experience threat modeling the application in order to discover the security risks in the application. The output from the threat model will drive the areas of focus in the secure code review.
+ A diverse skill base in both Information Systems and Information Security that addresses organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures

Preferred:
+ Application source code security review skills
+ Experience with programming languages such as Java, C, C++, C#, and .NET
+ Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications and other Industry Related Security Standards
+ Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry (PCI) or Corporate Compliance
+ Consulting experience in Information Security

Education & Professional Credentials
+ Bachelor's degree in relevant discipline (e.g. MIS, CIS) required.
+ Required minimum GPA 3.0.
+ 7+ years in a related field required, preferably in professional services and/or industry.
+ Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT is a plus

Ability to Travel
+ Limited Travel throughout the month required based on client requests/commitments.

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

For all US & Canada Postings: You may submit your application materials online or call 1.888.556.7420 for additional ways to apply.

Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran

JOB LOCATION
PA PRO PHILADELPHIA

Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future.
Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. For the third consecutive year, Protiviti was named to the Fortune 100 Best Companies to Work® for list. We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.