Responsibilities include:

 Working withapplication development and QA teams across multiple products to: Review,evaluate and prioritize vulnerability findings

Provide SME support on secure code implementation, designand architecture.

Threat-modeling & risk analysis

Training

 Participate inproviding annual OWASP & PCI training for developers

Helps maintain updated Secure Coding Best Practices

 Common applicationlevel vulnerabilities

 Risk Management

Findings/vulnerability prioritization

Mitigation strategy

 Controls Evaluation –Review, validate, recommend and create standards

 Review of open-sourcedevelopment libraries for security risks

Web application firewall (WAF) rule development andimplementation

 Security technologiesreview and recommendations

REQUIREMENTS

Qualifications:  Bachelors of Computer Science orsimilar – 6 or more years of experience in applying Information Security bestpractices to Information Technology assets plus 5 or more years of experiencewith software development.

Experience with static and dynamic vulnerabilityidentification using industry leading scanning tools and manual code reviews –

Experience with the Top 10 OWASP (Open Web ApplicationSecurity Project) vulnerabilities (most critical web vulnerabilities) and howto identify and remediate them –

Solid understanding of Information Security in general andthe specific behaviors that would secure TSYS information assets –

Ability to translate Information Security policies andprocedures into language that a business and/or technical person canunderstand; and ability to effectively communicate with both non-technical andtechnical people - Strong problem solving with the ability to methodically andobjectively analyze and resolve Information Security challenges - Ability towork well inside and outside the team.