Senior Application Security Specialist United States

The Senior Application Security Specialist will be responsible for assessing applications, including websites and mobile code, against company standards and best practices for mitigating the risks of unauthorized access to data, privacy breach, DDoS and fraud. The main goal of the role is to balance security and business imperatives using a risk-based approach and to validate security controls by performing application security tests across systems operated by the Company and by third parties, including software as a service. The application security review will include code reviews, database testing, and network and platform/OS security. This position will work with system owners to develop appropriate remediation plans as well as key reports that highlight systemic issues across the Company requiring broader remediation.

Responsibilities:

1. Provide subject matter expertise on application security, including website and mobile security. The senior application security specialist will coordinate with security experts in other units, e.g., Incident Management and Information Security Awareness, to train developers and third parties on best practices for application security in the design and build phases.
2. Perform application security testing to ensure that TCCC, CCR, and BIG services, applications, and websites are implemented with appropriate controls to mitigate the risk of unauthorized access to information, privacy breach, business interruption, DDoS, and common attacks that could lead to defacement or fraud. This individual will leverage industry standards such as OWASP and BSIMM to develop a testing framework that includes policy and technology. This individual will work with I.T. staff and system owners to develop remediation plans that are appropriate to manage the risk.
3. This individual will benchmark the program and partner with external entities to identify and assess emerging risks to applications, including known potential attacks targeted against Coca-Cola application systems. Where an attack is imminent, this individual will work with the IT Incident Manager to alert system owners and third parties to assist with ‘early detection’. Ability to perform on-call functions and respond to emergency calls during non-business hours.
4. This individual will assist in the collection of an application inventory, including those applications that process highly restricted data and PII. This information will be shared with the Risk Assessment team and the Chief Privacy Officer in order to ensure that appropriate controls are in place to address the level of sensitivity.
5. This individual will establish a certification program for third parties who build applications and websites for the company, and will be responsible for reviewing compliance in order to maintain certification. This individual will also work with the Cloud Security Alliance to contribute control criteria that can be used across the industry to improve the security and governance of SaaS offerings.
6. This individual will develop a reporting framework that includes system owners and executive management in order to communicate the success of the program and identify opportunities for program improvement.

Qualifications:

• CISSP, CISM, CISA, CCSA, CCSE preferred
• Mac OS X and/or iOS programming experience
• User-interface programming experience
• Protocol reverse engineering, particularly Protocol Buffers and web technologies
• Binary reverse engineering, particularly for mobile platform technology stacks
• 10 or more years of experience working in the Information Technology field
• 8 or more years of hands-on experience in two or more of the following: application security, network security, or platform/OS security in an engineering, architecture or consulting capacity
• 5+ years of penetration testing or ethical hacking, either for a consultancy or a large enterprise
• Formal training and general certification in the security field, both vendor-agnostic and vendor-specific (such as CCIE, CISA, CISSP, GIAC)
• Expert in application security and industry standards such as BSIMM
• In-depth knowledge of web application security and industry best practices (e.g., OWASP, WASC), as well as the SDLC
• Ability to program and script in various languages (e.g., Python/Perl, Ruby, Java, shell scripting, .NET)
• Ability to conduct secure code analysis manually or using SCA software
• Capable of conducting various levels of application penetration testing using industry-accepted frameworks
• Working knowledge of web application firewalls and vulnerability assessment technologies
• Experience analyzing malicious code in the form of malicious binaries and web-based scripting (e.g., malicious JavaScript)
• Good understanding of enterprise-level security technologies from tier-one vendors
• Experience using network protocol analyzers and sniffers such as Wireshark and NetScout, as well as the ability to decipher packet captures
• Thorough understanding of and hands-on experience with next-generation and web application firewalls, VoIP security and wireless security technologies
• Capable of conducting various levels of application security penetration testing using industry-accepted frameworks

Honesty and integrity have always been cornerstone values of The Coca-Cola Company. Our passion for people of integrity mirrors our spirited drive for total quality in our brands. These and other elements allow the company to sustain strategic practices and drive business performance. The Personnel Integrity Assurance Program is another step toward making The Coca-Cola Company the premier workplace.

This process includes a pre-employment background investigation that applies to all applicants, employees and contractors of the company. The scope of this inquiry may cover such elements as education, employment history, a criminal history check, reference checks and a pre-employment drug screen.

Designated countries or sensitive positions within the company may have more stringent standards.

At The Coca-Cola Company you can cultivate your career in a challenging and dynamic environment. We are the largest manufacturer and distributor of nonalcoholic drinks in the world, selling more than 1 billion drinks a day. Unlock your full potential with a future-focused company that is known and respected throughout the world.