The AIG Assessment & Effectiveness Team is looking for a Software Security Test Automation Manager to work in the Application Security Testing team. This position will be responsible for ensuring that continuous security testing is successfully integrated into the DevOps pipeline. The successful candidate will simultaneously use current security testing tools to perform tests and drive the design, integration, and implementation of security testing tools into the DevOps pipeline.
DUTIES AND RESPONSIBILITIES
1. Research, document, and implement existing or new security testing tools into applications’ Continuous Integration/Deployment (CI/CD) efforts.
2. Support and maintain current and new security testing tools as well as the infrastructure the tools run on.
3. Ability to perform static code reviews, dynamic security testing and manual security testing of applications and databases.
4. Implement testing processes that are streamlined and automated.
5. Partner with incident response, vulnerability management, risk management, attack & penetration, and other stakeholders to prioritize effort.
6. Create and implement a framework for reporting on security metrics that demonstrate risk reduction.
7. Work with various stakeholders to prove the effectiveness of security tools that are in operation.
8. Implement processes that leverage industry trends to include machine learning and artificial intelligence.
9. Create security project schedules and documentation as needed.
10. Perform other security-related duties as requested.
- Strong background in application security and penetration testing.
- Ability to write security tools to automate testing and to demonstrate security weaknesses in applications.
- Ability to converse with technical security staff as well as business executives.
- Knowledgeable in collecting metrics to prove effectiveness of efforts towards risk reduction.
- Up to date knowledge of the security landscape pertaining to new types of security weaknesses.
- Ability to positively influence the behavior of peers and build relationships with other teams.
- Self-starter, ability to work independently with minimal supervision and as part of a team.
- Minimum 6 years of experience in information security related positions
- Minimum 6 years of application security work experience
- Familiar with common coding languages: Java, .NET, etc.
- Extensive experience utilizing static analysis tools, e.g. Fortify Workbench, AppScan Source
- Experience with WhiteHat Sentinel/Source and experience working with Android and iOS products.
- Experience in describing application security coding concepts to personnel of both technical and non-technical backgrounds
- Strong understanding of application frameworks and technologies including Software Development Life Cycle methodologies
- An in-depth understanding of OWASP Top 10 and SANS Top 25 is required
- Professional demeanor required
- Must possess problem solving, multi-tasking, communications and convincing skills
- Excellent verbal and written communication skills required
- Bachelor’s Degree (or equivalent work experience) required.
- Information security certifications: GSSP-.NET, GSSP-Java, CISSP, OSCP, etc. are preferred
- Strong scripting skills desirable
American International Group, Inc. (AIG) is a leading global insurance organization. Founded in 1919, today we provide a wide range of property casualty insurance, life insurance, retirement products, mortgage insurance and other financial services to customers in more than 100 countries and jurisdictions. Our diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange.
Join our Talent Network at www.aig.com/talentnetwork. Additional information about AIG can be found at www.aig.com and www.aig.com/strategyupdate | YouTube: www.youtube.com/aig | Twitter: @AIGinsurance | LinkedIn: http://www.linkedin.com/company/aig. These references with additional information about AIG have been provided as a convenience, and the information contained on such websites is not incorporated by reference into this press release.