Dotnet Security Developer

Overview

Seeking a Dotnet Security Developer proficient in .NET Core and .NET Framework, with expertise in ISO, PCI, and SOC2 compliance. The candidate must have a strong grasp of security requirements and policies and be capable of independently handling alerts and compliance needs in Vanta. Responsibilities include continuous library upgrades, monitoring SOC2 and PCI compliance in Vanta, securing health endpoints, implementing obfuscation in installers, and strengthening the cryptography used for password security.

Job Description

Mandatory Skills:

.NET Core, .NET Framework.

Experience working with ISO, PCI and SOC2 (please refer to the checklist below of .NET coding best practices specific to ISO, PCI and SOC2).

A strong understanding of security requirements and policies, and the ability to work and respond independently to the alerts and requirements in Vanta (preferred).

Tasks for the Security Developer:

Continuous library upgrades to replace deprecated, out-of-date or vulnerable libraries.

Monitoring Vanta for SOC2 and PCI compliance requirements, potentially including documentation work.

Add security limits on health endpoints in the software.

Possibly add obfuscation to the software installer.

Improve the cryptography used for password security in the product.

Checklist:

.NET Coding Best Practices for ISO 27001:

Data Encryption.

Authentication & Authorization.

Secure Session Management.

Data Integrity.

Logging & Monitoring.

Vulnerability Management.

Incident Response.

.NET Coding Best Practices for PCI DSS:

Secure Handling of Cardholder Data.

Encryption.

Access Control.

Logging & Monitoring.

Security Testing.

Tokenization & Redaction.

Patch Management.

.NET Coding Best Practices for SOC 2:

Security (General Security Measures).

Availability.

Processing Integrity.

Confidentiality.

Privacy.

Change Management.

Incident Response.

Skills & Requirements

.NET Core, .NET Framework, ISO compliance, PCI compliance, SOC2 compliance, Security requirements, Vanta, Library upgrades, Compliance monitoring, Health endpoint security, Obfuscation, Cryptography.
