Application Security SME - 100 Remote

Position: Application Security SubjectMatterExpert (SME)

Location: 100% Remote Role
Duration: Contract Long Term

Job Description:

Application Security SubjectMatterExpert (SME)

Key Responsibilities:

Software Design and Architecture Review:

• Analyze existing applications proposed changes and new software development designs and architecture.
• Ensure security best practices are incorporated to meet Yahoo security requirements.
• Document findings in detailed Architecture Assessment Reports.
• Consult with product team personnel and software architects to provide expert advice.

Threat Modeling:

• Conduct structured analysis of application attack surfaces and potential threats using industrystandard threat models.
• Document findings in comprehensive Threat Model Assessment Reports.
• Work with product team personnel on strategies to mitigate identified risks in current or future software.

Code Review:

• Perform static analysis of Yahoo application source code to identify security vulnerabilities and weaknesses.
• Create detailed Code Review Reports documenting findings.
• Input findings into JIRA for remediation.
• Provide remediation advice and consult with product team personnel.

Penetration Testing:

• Conduct dynamic analysis of Yahoo web and mobile applications to identify security vulnerabilities and weaknesses.
• Create thorough Penetration Test Reports documenting findings.
• Input findings into JIRA for remediation.
• Provide remediation advice and consult with product team personnel.

Qualifications:

• A minimum of 10 years of experience in the field of application security.
• Proven ability to work independently and perform tasks with minimal supervision.
• Indepth knowledge and experience with software design architecture review threat modeling static code analysis and dynamic application testing.
• Strong documentation skills and experience creating detailed reports.
• Excellent communication skills and the ability to consult effectively with product teams and software architects.
• Proficiency with security tools and platforms including static and dynamic analysis tools.
• Experience with JIRA or similar issue tracking systems.