Stanley Black & Decker, Inc.

Application Security Lead, Cyber Security

Stanley Black & Decker, Inc., New Britain, Connecticut, US, 06051


New Britain, CT, United States – Hybrid

Come build something that matters. It takes great people to achieve greatness. People with a sense of purpose and integrity. People with a relentless pursuit of excellence. People who care about making things better For Those Who Make The World.

The Job:

As Application Security Lead, Cyber Security, you’ll be part of our Tools & Outdoor team and will be working as a Hybrid employee. You will play a critical role in ensuring the security of a variety of SBD applications.

Responsibilities:

- Conduct security assessments and penetration testing of web and mobile applications using tools such as Burp Suite.
- Identify, analyze, and prioritize security vulnerabilities in applications and provide actionable recommendations for remediation.
- Collaborate with development teams to integrate security best practices into the Software Development Lifecycle.
- Utilize Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning tools to automate security testing and improve the efficiency of vulnerability detection.
- Manage the vulnerability lifecycle, including identification, assessment/verification, mitigation assistance and remediation status tracking.
- Work with cross-functional teams to ensure timely and effective remediation of identified vulnerabilities.
- Stay up-to-date with the latest security threats, trends, and technologies, and proactively apply this knowledge to enhance our security measures.
- Develop and maintain security documentation, including security policies, standards, procedures, best practices/recommendations and guidelines.
- Educate and train development teams on secure coding practices and securing against the OWASP Top 10 vulnerabilities.
- Participate in incident response activities and exercises, which would include: assisting in the initial investigation, pre- and post-mortem reporting, resolution of security incidents, as well as assisting in documenting lessons learned to enhance security procedures for the future.

Requirements:

- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Hands-on experience with penetration testing tools and creating meaningful reports to present to internal stakeholders of varying technical backgrounds.
- Proven experience in application security, with a strong understanding of the NIST Cybersecurity Framework, OWASP SAMM, OWASP ASVS security requirements and the OWASP Top 10 vulnerabilities and their remediation.
- Proficiency in using Application Security Testing tools: SAST, DAST, SCA, secret scanning.
- Strong knowledge of vulnerability management processes, the stages of the secure development lifecycle process, common attack types and remediation techniques.
- Excellent problem-solving skills and attention to detail.
- Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders through both executive-level summary reports and detailed technical reports.
- Relevant certifications such as CSSLP, CISSP, CISM, CEH, or OSCP are a plus.

What We Offer:

- Competitive salary and a great benefits plan including medical, dental, life, vision, wellness program, disability, 401(k), Employee Stock Purchase Plan, paid time off, and tuition reimbursement.
- Discounts on Stanley Black & Decker tools and other partner programs.
- Opportunities to grow and develop your skills along multiple career paths.
- Access to a wealth of learning resources, including our digital learning portal.
- A diverse and inclusive culture that respects and embraces differences.
- Purpose-driven company that makes positive changes locally and globally through volunteerism, giving back, and sustainable business practices.

EEO Statement: All qualified applicants to Stanley Black & Decker are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran’s status or any other protected characteristic.
