IBM Appscan consultant

Conduct secure code reviews for scrum teams to identify possible security bugs due to coding practices Be able to work with scrum teams for security solutions as part of project discussions such as confidentiality adherence, SPI / PCI data treatments etc Manage security vulnerabilities by, False positive eliminations - review reports in Fortify SSC, Veracode and WebInspect and identify false positives and submit for approvals Assign owners - based on the revised list, work with development leads to assign vulnerabilities to target scrum teams Remediation follow-through- Follow/up with dev teams for adhering to fixing vulnerabilities within established SLAs Fix security issues - be able to fix vulnerabilities when needed. For this, the resource should have hands-on Java development background Work with infrastructure teams to initiate remediations plans for certain infrastructure vulnerabilities. For example, Apache webserver vulnerabilities, critical security patches for weblogic etc Work with customer/CSO teams on special security projects at an advisory level - can be groomed Proficient in Java to provide code fix for the identified security flaws when needed.