Job description
This is a position only for Buenos Aires, Argentina
Application Security subject matter expert providing consulting services to IT professionals on software
development processes, best practices, and secure coding standards.
- Ensure the enterprise is following application security requirements and principles, secure coding
standards and best practices.
* Provide System Development Lifecycle (SDLC) tools and process consulting to projects and teams to
ensure secure design and code.
* Develop an in-depth understanding of where our scanning and vulnerability data resides, how to access
and integrate it to develop measures and deliver trending analysis and better visibility into the state of
application security. This will require driving solution delivery from one of our tool providers.
* Provide operational support for Application Security technologies (HP Fortify), and consulting for SAST
remediation of application security issues.
* Maintain secure coding guidelines.
* Provide support for SAST scans using different development IDEs (i.e., Visual Studio 2005-2015 &
* Stay current on application security and associated cross-functional issues.
* Support and evolve the inclusion of appropriate application security clauses in Chevron contracts
(working with Procurement and Legal).
* Develop metrics and deliver trending analysis of application security.
* Contribute to the evolution of application security maturity expectations and OC for the enterprise;
measure CVX app security maturity; maintain relationship(s) with app security training provider and
consult on content development.
* Active leadership and participation in the Application Security Technical Network (ASTN) and Software
Engineering Community of Practice; connect to other CoPs.
- Strong communication and presentation skills including the ability to interface across the IT function, and
with business partners and external parties globally.
* Ability to work independently and in alignment with team goals.
* Database metrics skills: ability to access and integrate data to develop measures, deliver trending
analysis and better visibility into the state of application security.
* Understanding of industry standard lists of vulnerabilities (e.g. OWASP Top 10, SANS 25, cve.mitre,
* Ability to prioritize work.
* Results oriented with strong focus on execution.
* Motivation and ability to learn new technologies quickly.
* Critical thinking and problem solving are vital.
* 5+ years of experience in designing and developing applications and knowledge in some of the following
technologies: Microsoft Development Technology stack (e.g.: .NET, SCM, MVC, WCF; SOA); Java-based
technology, Workflow and reporting technologies; Database technologies such as Oracle and
* Comprehension of various development paradigms such as Object Oriented Programming, Web-
Oriented Architecture, etc.
- Ability to influence the IT function and reduce risk across the Enterprise.
- Ability to build standard operating procedures and processes.
- Strengthen ability to mitigate vulnerabilities in OWASP Top 10 and knowledge of other industry standard
vulnerability lists (e.g. SANS 25, cve.mitre, NIST, etc.).