At Protiviti, we believe that a career is about more than just working, providing deliverables, and being compensated for your efforts. A Protiviti Career is about opportunities to lead, learn, grow, and make a difference.
We strive to recruit and hire the best talent. But it doesn't stop there. Once you join us, we build your career through exceptional work experiences, a culture focused on learning and development, and a commitment to the things that matter to you.
Are you inspired to make a difference?
You've come to the right place.
Philadelphia Technology Consulting Security & Privacy (Application Security) Senior Manager
The Senior Manager is responsible for serving clients and ensuring the successful execution of projects. Managers develop lasting relationships with client personnel and seek to further these relationships through quality product delivery. The manager is responsible for understanding their client’s business and demonstrating technical expertise in their product group and industry. Senior Managers develop contacts within the business community and serve as ambassadors of Protiviti in the market.
General Knowledge & Skills
- Prior project management and supervisory skills required.
- Interpersonal skills to interact in a team environment and foster client relationships.
- Demonstrated understanding of the importance of business ethics.
- Sound job administration skills.
- Above average written communication skills including documentation of findings and recommendations.
- Strong analytical skills.
- Must be able to handle highly confidential information in a strictly professional manner.
- Must be able to maintain professional demeanor in times of high stress.
Technical Knowledge & Skills
- Proficiency in utilization of static code analysis tools such as Checkmarx, Veracode, Fortify, etc.
- Strong skills and proficiency in building security into the SDLC, DevOps, and secure coding
- Prior development experience is a plus
- Experience with:
  - Automated and Manual Secure Code Assessments
  - Identification of vulnerabilities such as: SQL Injection, Cross-Site Scripting, Code Injection, Buffer Overflow, Parameter Tampering, Cross-site Request Forgery, HTTP Splitting, Log Forgery, DoS, Session Fixation, Session Poisoning, Unhandled Exceptions and Dangerous File Uploads.
  - Customized rule sets to enforce coding best practices. For example, a custom rule to ensure all data is output encoded using the OWASP Java Encoding Library.
  - Malicious Code Detection looking for hidden functionality, embedded commands, network activity and logic bombs.
- Strong skills with Mobile application security
- Experience with several of the following:
  - iOS (Objective-C, Swift)
  - Windows Mobile
- Experience with dynamic application security testing
- Penetration Testing experience is a plus
- Experience threat modeling applications in order to discover their security risks. The output from the threat model will drive the areas of focus in the secure code review.
- A diverse skill base in both Information Systems and Information Security which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures
- Application source code security review skills
- Experience with programming languages such as Java, C, C++, C#, and .NET
- Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications and other Industry Related Security Standards
- Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry (PCI) or Corporate Compliance
- Consulting experience in Information Security
Education & Professional Credentials
- Bachelor’s degree in relevant discipline (e.g. MIS, CIS) required.
- Required minimum GPA 3.0.
- 7+ years in a related field required, preferably in professional services and/or industry.
- Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT is a plus
Ability to Travel
- Limited Travel throughout the month required based on client requests/commitments.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
For all US & Canada Postings: You may submit your application materials online or call 1.888.556.7420 for additional ways to apply. Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran