Position: Application Security Subject Matter Expert (SME)
Location: 100% Remote Role
Duration: Contract Long Term
Job Description:
Application Security Subject Matter Expert (SME)
Key Responsibilities:
Software Design and Architecture Review:
- Analyze existing applications, proposed changes, and new software development designs and architecture.
- Ensure security best practices are incorporated to meet Yahoo security requirements.
- Document findings in detailed Architecture Assessment Reports.
- Consult with product team personnel and software architects to provide expert advice.
Threat Modeling:
- Conduct structured analysis of application attack surfaces and potential threats using industry-standard threat models.
- Document findings in comprehensive Threat Model Assessment Reports.
- Work with product team personnel on strategies to mitigate identified risks in current or future software.
Code Review:
- Perform static analysis of Yahoo application source code to identify security vulnerabilities and weaknesses.
- Create detailed Code Review Reports documenting findings.
- Input findings into JIRA for remediation.
- Provide remediation advice and consult with product team personnel.
Penetration Testing:
- Conduct dynamic analysis of Yahoo web and mobile applications to identify security vulnerabilities and weaknesses.
- Create thorough Penetration Test Reports documenting findings.
- Input findings into JIRA for remediation.
- Provide remediation advice and consult with product team personnel.
Qualifications:
- A minimum of 10 years of experience in the field of application security.
- Proven ability to work independently and perform tasks with minimal supervision.
- In-depth knowledge of and experience with software design and architecture review, threat modeling, static code analysis, and dynamic application testing.
- Strong documentation skills and experience creating detailed reports.
- Excellent communication skills and the ability to consult effectively with product teams and software architects.
- Proficiency with security tools and platforms including static and dynamic analysis tools.
- Experience with JIRA or similar issue tracking systems.