Product Security Architect, 100% Remote

Description
Cognizant (NASDAQ: CTSH) Cognizant (Nasdaq-100: CTSH) is one of the world's leading professional services companies, helping clients become data-enabled and data-driven in the digital era. Our industry-based, consultative approach helps companies evolve into modern businesses. By leading clients in leveraging technologies essential to modern enterprises such as IoT, artificial intelligence, digital engineering and cloud, we enable new business and operating models that unlock value in markets around the world. Cognizant's unwavering focus on our clients is led by over 330,000 associates, who deliver services and solutions tailored to specific industries and the unique needs of the organizations we serve. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant @Cognizant.

This high impact role is for a Shift Left expert energized by moving teams from DecOps to DevSecOps!

• This hands on role partners with Application Security Testers and Product teams to ensure our journey to Secure by Design;
• Activities include Web Application scanning on target applications, the provisioning of reports documenting issues and making actionable recommendations for remediation;
• Work closely with development teams to provide input and education on identified security issues;
• Setup, conduct and evaluate DAST scans, review results for false positives and give actionable guidance on remediation to Application teams;
• Produce, review and document information, processes and procedures for teams moving from DevOps to DevSecOps;
• Stay current on Application Security testing, industry vulnerabilities, technologies tools and skills and make recommendations for use based on business value.

You Bring

• Five plus years of experience within Application Security in large scale environments;
• Application security testing and/or penetration testing abilities;
• Experience as a partner to AppSec Testing teams;
• Ability to observe security risks and weaknesses and provide security recommendations to respective project and delivery teams
• Experience with industry security standards such as OWASP-ZAP, AppScan-SAST Appscan-DAST;
• Any combination of the following as well;
  • Secure architecture design and/or code review,
  • Threat modeling,
  • Identity management and authentication
  • Cryptography,
  • Agile SDLC
  • Knowledge of Open Source security ideally experience with Black Duck Hub
  • Enterprise level Linux operating systems (Basic SysAdmin abilities)
  • Modern relational databases (MySQL SQL PostgreSQL)
  • Object-oriented (C# Java etc) and scripting (Python JavaScript etc) languages;
  • Industry security standards and organizations such as OWASP SANS and NIST.
  • Certification are always a plus! (CSSLP or CISSP or CISM or GIAC Web Application Penetration Tester (GWAPT), CSSLP or other relevant information security industry recognized certifications.

Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

If you have a disability that requires a reasonable accommodation to search for a job opening or submit an application, please email [email protected] with your request and contact information.

Qualifications
Technical Skills
SNo Primary Skill Proficiency Level * Rqrd./Dsrd. 1 Appscan-DAST PL1 Desired 2 AppScan-SAST PL1 Desired 3 OWASP-ZAP PL1 Desired

* Proficiency Legends
Proficiency Level Generic Reference PL1 The associate has basic awareness and comprehension of the skill and is in the process of acquiring this skill through various channels. PL2 The associate possesses working knowledge of the skill, and can actively and independently apply this skill in engagements and projects. PL3 The associate has comprehensive, in-depth and specialized knowledge of the skill. She / he has extensively demonstrated successful application of the skill in engagements or projects. PL4 The associate can function as a subject matter expert for this skill. The associate is capable of analyzing, evaluating and synthesizing solutions using the skill.