Veracode Consultant

• Coordinate Security Assessments: Act as the primary contact person between vendors and internal development teams to schedule and manage application security assessments. Facilitate and coordinate the scheduling of security scans, implementation of fixes by developers, and application of mitigations across the organization's applications.
• Vulnerability Management: Oversee the identification, tracking, and remediation of security vulnerabilities, ensuring timely resolution in collaboration with developers.
• Policy Implementation: Coordinate and ensure that application security policies and procedures align with industry best practices and compliance requirements, including the creation of custom policies tailored to organizational needs. Coordinate the integration of application security solutions into the development lifecycle. Ensure that security policies are enforced consistently across all applications and development teams. Monitor, report and follow-up on the effectiveness of implemented security measures.
• Developer Trainings: Provide guidance and assistance to development teams on the use of the security tools and the interpretation of security findings. Coordinate with vendors to offer additional services, training, and guidance as needed. Plan, assign and follow up on security trainings for developers to promote secure coding practices and awareness of common vulnerabilities.
• Reporting: Generate and customize reports to provide insights into the application security landscape, including combined reporting across different types of testing (e.g., static and dynamic testing). Present reports and overall application security posture for management review.
• Documentation: Maintain comprehensive documentation of integration processes, security policies, and compliance efforts.
• Process Improvement: Identify opportunities to enhance security processes and tools, advocating for the adoption of best practices in application security across the organization.

Key Deliverables

• Implement and configure Imperva DAM and Veracode solutions.
• Implement Security and compliance policies tailored to the organization’s requirements.
• Provide Detailed documentation and user guides.
• Provide Training sessions for technical and non-technical stakeholders.
• Periodic progress and performance reports.

Mandatory Skills and Experience

• Education: Bachelor’s degree in Computer Science, Information Security, or a related field.
• 3+ years of experience in application security, DevSecOps, or a related technical role.
• Hands-on experience with Veracode or similar application security tools (e.g., Fortify, Checkmarx, SonarQube).
• Experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Azure DevOps, GitLab CI).
• Strong understanding of secure software development lifecycle (SDLC) principles.
• Proficiency in interpreting and remediating common security vulnerabilities (e.g., OWASP Top 10, SANS CWE).
• Knowledge of programming languages (e.g., Java, .NET, Python, or JavaScript) and code analysis.
• Familiarity with cloud environments and containerization technologies (e.g., AWS, Docker, Kubernetes).
• Excellent communication and presentation skills to interact with technical and non-technical stakeholders.

Preferred Certifications

• Veracode Certified Security Specialist
• Certified Ethical Hacker (CEH)
• GIAC Web Application Defender (GWAPT)
• Certified Information Systems Security Professional (CISSP)