American Electric Power Security Tech Spec Sr-Security Tech Spec Lead in Columbus, Ohio

18669BR

Title:

Security Tech Spec Sr-Security Tech Spec Lead

Job Description:

Please note that Education and/or relevant Experience will be used to determine the appropriate salary and salary grade.

Security Technical Specialist, Sr. (Application Security Tester)

Security Technical Specialist, Lead (Application Security Tester)

Position Summary:

Responsible for moderate-scale to large scale security assignments with limited direction from senior team members. Develops and maintains necessary documentation of security assessments, projects, and/or processes to ensure unified understanding of system details. Participates in the assessment, documentation, evaluation, and recommendation for remediation of security vulenrabilities in web, mobile and client-server applications. Demonstrates problem solving, decision-making, and functional area knowledge.

Principal Accountabilities:

  • Using a variety of tools and techniques Identifies vulenrabilities in applications used by AEP to conduct business.

  • Translates and presents security vulnerability information competently to team members and AEP’s leaders; Establishes recommendations based on options presented.

  • Gathers first-hand information on security vulnerabilities to find the most cost-effective remediation recommendations to reduce risk of exploitation of those vulnerabilities.

  • Researches and supplies new opportunities to improve security posture; presents new ideas and approaches.

  • Formulates most effective work plan and shares with other team members and groups to meet required security objectives.

  • Collaborates with other members of the security team to identify and implement security processes and technologies to reduce overall security risk to AEP

  • Collaborates on team learning needs and engages in opportunities to increase knowledge in security areas.

  • Communicates the role and expectations of Cybersecurity in meeting AEP business strategies.

Auto req ID:

18669BR

Relocation:

No

Location:

Columbus, OH

Job Type:

Full-Time

Job Category:

Cybersecurity

Minimum Requirements:

Security Technical Specialist, Sr. (Application Security Tester)

Education/Experience:

This position typically has a Bachelors degree in computer science/cyber or related field or completed a cyber security rotation program and 4 to 6 years of related security experience OR 2-4 years related military/government security experience.

Alternatively may have non-degree qualifications (such as hands-on demonstrated in a technical interview/assessment) and correspondingly more work experience.

Security Technical Specialist, Lead (Application Security Tester)

Education/Experience:

This position typically has a Bachelors degree in computer science/cyber or related field or completed a cyber security rotation program and 7 to 9 years of related security experience OR 5-8 years related military/government security experience.

Alternatively may have non-degree qualifications (such as hands-on demonstrated in a technical interview/assessment) and correspondingly more work experience.

Additional Information:

  • Some travel/OT may be required.

Candidate should possess

  • Advanced level programming skills in any or all of the following technologies: Java, JavaScript, CSS, PHP, Ruby, .NET, Python, C, C++, Shell, C#, Objective-C, Go, R, TeX, VimL, Perl, Scala, Swift

  • Advanced level understanding of Cybersecurity

  • Knowledge and experience using any or all of the following tools: Ida Pro, IBM AppScan, Burp Suite, Acunetix, NowSecure, application security/vulnerability assessment tools

  • Knowledge and experience in Maven, GIT, Hudson/Jenkins, Docker, etc.

  • Manages time and resources efficiently to accommodate multiple assignments.

Licenses/Certifications: Technical Security certifications preferred, such as SANS GIAC

Following certifications or equivalent experience are preferred but not required:

CompTIA

  • Security ISC2

  • CISSP

  • CISSP-ISSAP

  • CISSP-ISSEP

  • CSSLP

SANS

  • DEV522 = GWEB - GIAC Certified Web Application Defender

  • DEV541 = GSSP-JAVA - GIAC Secure Software Programmer - Java

  • DEV544 = GSSP-NET - GIAC Secure Software Programmer - .NET

  • SEC560 = GPEN - GIAC Certified Penetration Tester

  • SEC566 = GCCC - GIAC Critical Controls Certification

  • SEC542 = GWAPT - GIAC Web Application Penetration Tester

  • SEC575 = GMOB - GIAC Mobile Device Security Analyst

Offensive Security

  • Offensive Security Certified Professional (OSCP)

  • Offensive Security Certified Expert (OSCE)

Equal Opportunity Employer | Minorities/Females/Disability/Vets