Company Profile:

Kimberly-Clark Corporation is an American multinational personal care corporation that produces mostly paper-based consumer products. The company manufactures sanitary paper products and surgical & medical instruments.

Job description:

Overview
Conduct application security testing to comply with corporate policies, and regulatory requirements. Coordinate and execute application security tests, communicate the results to relevant stakeholders, and help application developers understand how to fix code security issues.

Responsibilities:
• Conduct thorough application security penetration tests
• Work effectively with a cross-functional team to plan, execute, and communicate findings from application security testing
• Work with application owners to improve their knowledge and practical application of information security best practices, including but not limited to threat assessment, vulnerability prevention and secure coding practices.
• Partner with DevOps team to ensure application security tools such as SAST and DAST are performing well and generating accurate testing results.
• Flexibility to change direction and manage conflicting demands.

Experience:
• 5+ years of application security experience; 7+ years of total technical experience
• Experience in running static analysis (SAST) and dynamic analysis (DAST) tools and processes
• Experience in conducting web application penetration tests

Qualifications:
• Strong web application security knowledge with thorough understanding of web, mobile, and API testing
• Knowledge of application security architecture and ability to perform risk assessments on identified applications.
• Development background in .Net, Java, and/or Python a plus
• Strong knowledge of Security Standards, frameworks, and groups (OWASP, WASC, OSSTMM)
• Knowledge of the software development lifecycle under agile environment in a large enterprise
• Knowledge of database, application, and Web server design
• Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities
• Knowledge of public cloud services

Education:
• Bachelor's degree in Computer Science, Information Technology or equivalent
• Advanced degree preferred
• Certifications including GWAPT, GWEB, GPEN, OSCP, CSSLP, CASE, or similar preferred