---

---

Location

Michigan | United States

---

Job description

Job Description:

Functional Knowledge:

• Chrome/Firefox/Edge Development tools to see the request/response headers.
• Familiarity with Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud)
• Experience with Coverity, BlackDuck, CodeDX, Fortify, a plus.
• Request/Response headers for web and Restful API calls
• Ability to explain in detail any of the OWASP top 10 vulnerabilities.
• Cross Site Scripting, Injection attacks, SSRF, CSRF, XML entity, etc.
• API Security
• JWT
• OAUTH/OIDC/PKCE
• Web, API replay attacks
• High-level understanding of containers
• Cloud development experience (Azure, AWS, GCP)

Minimum of 5+ years of total IT related experience.

• 3+ years implementing/utilizing Federal, Industry and Open-Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode, etc.)
• 3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks.
• 3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
• 3+ years of hands-on knowledge building and deploying secure complex distributed web and mobile applications.
• United States Citizen and ability to pass a CJIS background check.

---

Job tags

---

---

Salary