We are looking for an experienced Enterprise Security Expert / Web Application Security Analyst with demonstrated hands-on experience performing security assessments of web-based applications, including threat modeling, vulnerability assessments, and penetration testing. The successful candidate will possess strong knowledge and experience in various IT security domains, with a focus on web application security and current application security threats, as well as networking and network security.
In this capacity, the Analyst will be primarily responsible for performing information security assessments of web-based applications, code reviews and web application security consulting.
- Perform web application threat modeling, vulnerability assessments, code reviews, and develop mitigation strategies;
- Formulate assessment reports outlining identified information security vulnerabilities and their potential impact; provide and prioritize specific, actionable recommendations; and estimate remediation effort levels;
- Develop testing procedures and scripts.
- Bachelor's degree in Computer Science or a related field, or equivalent work experience;
- 4-6 years of progressively responsible experience in information security, web application vulnerability assessments and penetration testing is required;
- Experience with TCP/IP networking (LAN, MAN, WAN) systems;
- Knowledge of network security, current information security threats and incident management concepts and practices;
- Development and/or vulnerability testing experience with web technologies, frameworks, and CMS platforms, including HTML, JSON, Ajax, .NET, ASP, PHP, WordPress, and Drupal;
- Experience with scripting languages such as bash, Perl, Python, PowerShell;
- Experience with vulnerability scanners and penetration testing tools such as Nessus, Nexpose, Nmap, Metasploit, and Wireshark, as well as with web application testing tools such as Burp Suite, OWASP ZAP, and IBM Rational AppScan;
- Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools;
- Knowledge of SDLC practices, common security requirements within PHP, MySQL, MongoDB and
- Certifications such as CISSP, CEH, GPEN, GWAPT, GXPN, GWEB, GSSP-JAVA, and GSSP-.NET are desirable.