Secure SDLC Team Member

SECURE SDLC TEAM MEMBER FOSTER CITY, CA CONTRACT OPPORTUNITY

You re covered with COMPUCOM. We offer our temporary employees full benefits. Always have. Always will. Join us!

Must have skills:
Ideal candidate will have an application security consulting background, as this position amounts to multiple engagements with various teams who work on central applications. Background and experience with managing large review projects. Understanding of the Secure Development Lifecycle (SDL) and Software Development Lifecycle (SDLC).

Job Description:
Staff augmentation needed to perform security analysis of core transaction processing systems. The analysis will be of very large and complex systems, so the candidate must be able to synthesize many small pieces of information to construct a comprehensive view of the application's security risks.

TASKS TO INCLUDE:

- Inventory of specified applications related to key solutions
- Criteria development to be used in establishing application criticality
- Type(s) of data
- Exposure to the Internet
- Importance to the business
- Maturity of SDL and SDLC
- Development of in-scope systems, controls, assets and threats
- Development of required audit activities for each tier of application
- Data gathering and interviewing
- Review of current critical system SDLC processes in use
- Review of previous security assessment reports for critical systems and applications
- Validation of assessment findings and remediation through interviews and application review
- Create relevant documentation pertaining to the various tasks performed
- Application security profiles that include information such as:
- Application purpose and functionality
- What data it stores and the value of that data
- Where data is stored and rules for access
- Data entry and exit points throughout the application
- Data flow for transaction or processing systems
- Data access and interaction by different types of users (untrusted, authenticated, partners, etc.)
- Intermodule relationships
- Security expectations by application users
- Major trust boundaries
- Mitigating controls enforcing trust boundaries
- Applications context within network zones
- Applications technology stack
- Applications team structure
- Questionnaires
- Diagrams
- Findings and recommendation reports
- Scorecards for audited applications
- Execution plans

SKILLS AND PROFICIENCIES:

- Strong communication skills (developer interviews)
- Understanding of the Secure Development Lifecycle (SDL) and Software Development Lifecycle (SDLC)
- Understanding of data flow and data flow diagramming
- Background and experience with risk analysis
- Background and experience with threat modelling and profiling
- Background and experience with application security
- Background and experience with managing large review projects
- Background and experience with interviewing and data collection

TECHNICAL EXPERIENCE:

- Big Data, 3 years
- SDLC, 3 years

**CompuCom supports Employment Equity and Diversity**

Dallas-based CompuCom Systems, Inc. is a leading provider of end user enablement, service experience management, and cloud technology services to Fortune 1000 companies. CompuCom partners with enterprises to develop smarter ways they can work, grow, and produce value for their business. Founded in 1987, privately held CompuCom has approximately 11,500 associates and supports more than 4 million end users in North America.