Perform manual and/or automated secure code reviews. Conduct application security risk analysis for purchased or developed applications prior to live implementation. Act as a software security resource on assigned projects and develop and/or deliver software security focused training for developers. Identify application security risks and requirements for new projects and system developments. Develop security test plans and minimum-security requirements to integrate into the software development lifecycle. Perform/oversee security testing, communicate corrective action plans, and manage remediation of identified vulnerabilities. Monitor and proactively report on current threats and vulnerabilities to application security.

Develop and maintain the necessary documentation for an application security program including the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints and code review methodologies. Work with 3rd party vendors to promote secure design and security testing, oversee external penetration testing, and update the web application firewall. Participate as an application security subject matter expert in the BCBSMS incident response program. Attend design and application architectural reviews and actively lead the discussions from a security standpoint.

Position requires: a Master's degree in Computer Science, Computer and Information Science, or related IT field, or foreign equivalent with three (3) years' experience designing and deploying Information Security Solutions using Java, JavaScript, HCL AppScan Source, AG API Gateway, HCL AppScan Enterprise, OAuth 2.0, RTC, Linux, SQL, JSP, HTML, XML, J2EE, JDBC, Struts, and Websphere. 

Applicants should apply at: demortimer@bcbsms.com