Security Advisor (K)

Security Advisor

Reston, VA ONLY 3 Days Hybrid

12+ Months

In-person Interview

Description:

The role that we are looking for is on the advisor team and what we do is we are integrated into the development squads to help them fix vulnerabilities to the left (run their scans in their lower environment.) We find these as we help remediate and we do not push them in to production. As a result, we should not be pushing any new vulnerabilities into production, so we are each of the security advisor is aligned to a portfolio where they are broken down as primary and secondary.
This advisor role would need coding experience. They will be working hand in hand with the developers to say OK, there is a SQL injection here. This could be a probable SQL injection and this is how you fix it or there is a cross site scripting vulnerability here. You probably have to do input validation and this is how you should be doing so in order to find out and fix those vulnerabilities, they need to understand code first.
The other thing that we would like is understanding of AWS or Microsoft or Azure or you know all of these. Not hands on is not required, just basics if they are speaking that language about databases about back end. They should be able to communicate and have a conversation and communicate or provide you know best practices of how they should be doing it right. the role, emphasizing that the trainer will be part of the "Security Coaches and Advisors" program. This program trains developers in application security to ensure no vulnerabilities are introduced into production. The training is hands-on and provided by a third-party vendor called Appsec Engineer. The program has been running since 2021, with four cohorts per year and over 256 developers trained
The day-to-day responsibilities of the trainer include running cohorts, teaching cybersecurity with a focus on application security, and collaborating with developers to address any issues they may have. The trainer should have a good understanding of application security and be able to explain vulnerabilities and remediation techniques to developers
The meeting also covered the interview process, which will be twofold: the first round conducted by advisors and leads, and the second round by the manager. The candidate must be local to Reston, Virginia, and have a strong understanding of application security
There were several questions from the attendees about the role, including the difference between a security advisor and a security coach, the criteria for the program, and the interview process.

Security Advisors Skills

:
Experience with security tools (e.g., SAST, DAST, SCA).
Strong understanding of network protocols and encryption.
Familiarity with secure development frameworks and DevSecOps.
Conduct manual and automated code reviews to identify vulnerabilities.
Perform threat modeling and risk assessments for new and existing applications.
Proficiency in Java, Python, JavaScript, C#, or similar languages.
Experience with CI/CD platforms (e.g., GitHub, Jenkins).
Familiarity with DevSecOps, container security, and cloud platforms (AWS, Azure, GCP).