Previous Job
Previous
Vulnerability Analyst
Ref No.: 18-63128
Location: Irving, Texas
Position Type:Full Time/Contract
Experience Level: 8 Years
Start Date: 08/29/2018
Fort Lauderdale, FL
 
Job Description:
The scope of the Application Vulnerability Assessment (AVA) process is comprised of all Client business functions, subsidiaries, managed facilities, critical infrastructure components as well as service provider arrangements that include Client branded and co-branded applications.
 
Candidates for this position must have strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Client Vulnerability Assessment process, allowing it to remain a world class service. Process engineering and documentation is key. Areas of focus are mobile security testing in the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.
 
Other key duties include providing application vulnerability assessment services to Client businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.
 
Pre-requisites for this position are a Bachelor's Degree with 3 to 7 years of experience in web development using  programming languages such as Java or .NET. An expert level understanding of security, web-based, mobile and infrastructure vulnerabilities is required.
 
Experience conducting one or more of the following functions:
   1) Application Vulnerability Assessments 
   2) Source code review preferably in  Java and .NET languages using tools such as AppScan, Client Fortify or Checkmarx
   3) Application architecture reviews or threat modeling and  knowledge of common attack patterns or exploitation techniques
 
Articulating security issues to technical and non-technical audience is also required. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
 
Skills:
  •           Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing with good understanding of enterprise web development using programming languages such as Java or  .NET.
  •           A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.
  •           Experience in applications security, cryptography, network security, systems security or reverse engineering.
  •           Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience is a plus.
  •           Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.
  •           In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.