Application Security Specialist

Company: The Hertz Corporation
Location: Estero
Posted on: May 24, 2023

Job Description:

Overview:
The Application Security Specialist is a key member of the Cyber Security & Compliance organization to monitor internal and external security threats and risks, provide in-depth analysis, and remediate to return Hertz to normal business operations. This role is dedicated to the discipline of Application Security and Secure Software Development Cycle (SSDLC).
APPLICATION SECURITY
+ Work with a team of Product DevOps/SecOps Engineers to architect and secure AWS applications.
+ Ensure compliance and security of public cloud properties.
+ Create secure design patterns and libraries for cloud applications in areas such as data protection, key management, authentication, and authorization.
+ Develops standards, policies and procedures best practices documentation.
+ Translate security and technical requirements into business requirements and communicate security risks to different audiences ranging from business leaders to engineers.
+ Work closely with application developers and system administrators to deliver secure solutions to complex technology challenges and business requirements.
+ Shares lessons learned, initial indicators of detection and opportunities for strengthening systems and applications to management.
+ Collects information from a wide variety of sources, and aggregates the data relevant to the Hertz security environment.
+ Act as a security liaison and present security architecture along with Application Teams in periodic Architecture Review Board meetings.
TECHNICAL EXPERTISE
+ Bachelor degree in Computer Science, MIS, or related field.
+ 5+ years of Information Security experience required, preferably in a global Fortune 500 corporation.
+ Knowledge of OWASP top 10 and able to identify vulnerabilities and possible exploits. Provide remediation guidance.
+ Strong experience with Amazon EKS Amazon Kubernetes Service
+ Strong understanding of modern deployment tools like Jenkins, Git, Docker
+ Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments
+ Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
+ Experience in testing web-based APIs (i.e., REST, SOAP, XML, JSON) and AWS Serverless applications.
+ Application or system hardening, Security Testing / Penetration Testing, Fuzzing, Cloud security.
+ Hands-on experience performing threat modeling, including STRIDE and PASTA methodologies
+ Familiarity with MITRE ATT&CK Enterprise Matrix and MITRE D3FEND
+ Excellent written and oral communication skills in English
+ Well versed in a variety of development languages, protocols, code repositories, and application security testing platforms.
+ Certifications desired: AWS Cloud Practitioner, Certified Information Systems Security Professional, (CISSP) Certified Ethical Hacker, (CEH) GIAC Security Essentials Certifications, GIAC Certified Intrusion Analyst, Global Information Assurance Certification, Forensics certifications.
The Hertz Corporation operates the Hertz, Dollar Car Rental, Thrifty Car Rental brands in approximately 9,700 corporate and franchisee locations throughout North America, Europe, The Caribbean, Latin America, Africa, the Middle East, Asia, Australia and New Zealand. The Hertz Corporation is one of the largest worldwide airport general use vehicle rental companies, and the Hertz brand is one of the most recognized in the world.
**US EEO STATEMENT**
At Hertz, we champion and celebrate a culture of diversity and inclusion. We take affirmative steps to promote employment and advancement opportunities. The endless variety of perspectives, experiences, skills and talents that our employees invest in their work every day represent a significant part of our culture and our success and reputation as a company.
Individuals are encouraged to apply for positions because of the characteristics that make them unique.
EOE, including disability/veteran

Keywords: The Hertz Corporation, Cape Coral , Application Security Specialist, Other , Estero, Florida