The Fortify & WebInspect Platform Engineer is part of the Attack Surface Management (ASM) organization and participates in the attack surface reduction of global computing assets. The Fortify & WebInspect Platform Engineer is responsible for the maintenance, uptime, availability and scan performance of our Microfocus Fortify Static Code Analysis and Enterprise WebInspect infrastructure. The Engineer shall ensure proper configuration of the platforms, maintain operational processes, troubleshoot scan issues, escalate issues to the vendor, and collaborate with other ASM teammates to ensure proper scan configurations and integrations into SDLC pipelines. The Engineer should have a strong understanding of application security issues, such as issues identified in the OWASP Top 10 and common coding defects. The role also involves coordinating with developers regarding findings, providing remediation guidance and completing day-to-day tasks associated with maintaining the platforms.
· Maintain the day-to-day operations, configuration and scaling of the static code analysis (Fortify) and dynamic web application security platform (WebInspect)
· Automate and schedule regular dynamic web application security scans of Client applications
· Assist with integration of static & dynamic web application assessments into secure SDLC lifecycles and validation that results are being regularly reviewed by developers
· Be subject matter expert on common web application security findings such as the OWASP Top 10 and provide remediation recommendations
· Assist with false positive reviews with developers for findings from the static or dynamic assessment platforms
· Maintain and compose operational process documentation regarding program execution.
· Interface with other CIS organizations such as Governance, Risk, Business Information Security and Threat Intelligence to report on program status and coordinate risk identification.
· Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
· 5+ years of IT professional experience, with previous information security experience
· Direct experience maintaining enterprise-level static & web application assessment platforms such as Microfocus Fortify & WebInspect, Veracode, WhiteHat, AppSpider, etc.
· Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues
· Experience and knowledge of performing security tasks within AWS, Azure or other cloud environments
· Ability to automate technical tasks through use of API or scripting
· Experience with data analytics with the ability to provide qualitative analysis and recommendations.
· Strong verbal and written communication skills.
· Strong attention to detail, data accuracy, and data analysis.
· Self-motivated and operates with a high sense of urgency and a high level of integrity.
· Previous experience working in large-scale environments with diverse technologies.