Search for More Jobs
Forward this job to a friend
Apply by email without Registering
Apply by creating/using account
Please enter your registered email address, and we'll email you a link to reset your password right away.
Artech is currently seeking to add to the below position
Job Title :Web Applications Security Test Engineer
Location :5880 Client Dr, Pleasanton, CA
Duration :6 to 12 Months
Job ID :CR086
· The scope of duties for the Web Application Security Test Engineer include, but is not limited to, the following:
· Acquire complete understanding of SCIF's technology and information systems.
· Capture and define the security test requirements.
· Plan, research, and design robust security architecture test strategy for any IT project.
· Perform vulnerability testing, risk analysis, and security assessments.
· Research security standards, security systems and authentication protocols with SCIF.
· Apply testing methodologies and tools to complex applications for finding weaknesses and security vulnerabilities early in the SDLC process.
· Understanding of Application security principles, risks, attacks, OWASP security guidelines and best practices to perform SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing and IAST - Interactive Application Security Testing.
· Develop test requirements for Web Applications Security Testing for all releases using automated tools and manual testing.
· Design test plans for DAST, OWASP Top 10 Most Critical Web Application Security Risks, public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
· Proficiency in Applications Security testing tools like Acunetix Web Vulnerability Scanner / Burp Suite / Fortify WebInspect, Nessus, Nmap and other open source tools.
· Define, implement and maintain Corporate or Enterprise security policies and procedures
· Oversee security awareness programs and educational efforts
· Respond immediately to security-related incidents and provide a thorough post-event analysis.
· Define all entry points to the system, such as: files, sockets, hypertext transfer protocol (HTTP) requests, named pipes, pluggable activities, protocol handlers, malicious server responses and so on.
· Analyze potential threats and risk analysis based on the entry points defined. Example of threats and the methods to analyze them.
The Consultant resource(s) shall possess most of the following skills:
· At least 5 years' experience doing web application security testing.
· Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
· Ability to flow from black box to gray box to white box tests dependent on client needs.
· Ability to test a variety of client form factors and technologies based on scopes of work.
· Ability to solve complex technical problems and articulate to non-IT personnel.
· Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialing.
· Ability to perform vulnerability assessments and penetration testing, utilizing tools commercial and open source tools.
· Perform, review and analyze security vulnerability data to identify applicability and false positives.
· Research and develop testing tools, techniques, and process improvements.
· Create risk based security code reviews (static & dynamic).
· Conduct penetration testing in line with Open Web application Security project
· Mentor junior engineers to build their skills and contribution levels
· Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
· Support company through the testing and evaluation of new technologies and security controls.
· Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
· May require the performance of other essential functions depending upon work location or assignment.
· Experience with dev ops and SIEM tools (ie. Chef, Splunk and Vagrant)
· Experience with scripting languages (e.g. python, PERL, SQL) a plus
· Ability to perform below tasks:
· Dynamic Application Security Testing (DAST)
· Static Application Security Testing (SAST)
· Interactive Application Security Testing (IAST)
· Web Application Penetration Testing
· Product Security Testing
· Cloud Application Security Testing
· Web Services Security Testing
· Security Code Review
· Network Security Assessment
· Security Testing Tools: IBM Appscan, Burp Suite, Tamper Data, Live http Headers, Client Fortify, VeraCode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
The Consultant resource(s) shall be knowledgeable in most of the following areas:
· Knowledge and understanding of basic information security principles (eg. OWASP Top Ten)
· Knowledge of security best practice guidelines (ISO 17799, NIST, etc.)
· Relevant professional experience including working knowledge of the Penetration Testing.
· OSI Layers and application protocols
· TCP/IP networking including IP classes, subnets, multicast, NAT
· WINS, DNS, and DHCP, Network troubleshooting
· Microsoft OS and Server technologies
· Remote access methods
· Backup and disaster recovery methodologies
· Patch management technologies and processes
· Wireless protocols and services
· Network analysis tools
· Familiarity with UNIX a plus
· CISSP, CISM, CISA, CEH, CEPT, GIAC, OSCP or other IS certifications a plus
Please apply on our company website (www.artechinfo.com) with reference to job ID, or contact me at Pradeep.V@artechinfo.com / 973.507.7539
Team Lead – Staffing
Artech Information Systems LLC
360 Mt. Kemble Avenue, Suite 2000 | Morristown, NJ 07960
Office: 973.507.7539 | Fax: 973.998.2599
Email: Pradeep.V@artechinfo.com | Website: www.artechinfo.com
About Artech Information Systems LLC
Artech is an employer-of-choice for the last 25 years to over 7,500 consultants across the globe. We recruit top-notch talent for over 70 Fortune and Government clients coast-to-coast across the U.S., India, and China. We are #1 Largest Woman-Owned IT Staffing Firm in the US and this may be your opportunity to join us! For more check: www.artechinfo.com
Connect with Artech through Social Media
Learn more about our company including the latest events at Artech, new job opportunities, jobseeker tips, and more. Follow us on Facebook, Twitter, LinkedIn, Google+, and YouTube
Apply by creating/using account