Client's Information Security Team is seeking an application security expert. The selected individual will help identify vulnerabilities in application source code through the use of static analysis, perform manual and automated verification, and recommend appropriate, cost-effective mitigation. This position will also be responsible for helping execute web and mobile application penetration tests as needed. This position requires advanced knowledge of the OWASP Top 10 and OWASP Mobile Top 10, with the ability to explain attacks and mitigations to developers.
Essential Job Functions
• Communicate, present, and discuss vulnerabilities with internal development teams.
• Be the subject matter expert for new and existing vulnerabilities, and be able to discuss the dangers with developers in a clear and concise manner.
• Understand the concepts of both the mobile and standard OWASP Top 10 lists.
• Consistently demonstrate regular, dependable attendance and punctuality.
• Perform static code analysis with tools such as Fortify.
• Perform manual code inspection with an advanced knowledge of source code vulnerabilities.
• Utilize and configure application pentesting tools appropriately.
• Advanced knowledge of Burp Suite Pro, Nessus, and Acunetix.
• Perform web and mobile penetration testing.
• Help mitigate vulnerabilities as requested through code generation.
• Understand many different application stacks and how to use them appropriately.
• Understand and be able to use technologies such as Puppet and Chef.
• Recommend and implement appropriate Web Application Firewall (WAF) settings.
Specific Requirements & Skills
• Must demonstrate high technical aptitude and experience in Information/Cyber Security.
• Must have a combination of PCI, HIPAA, HITRUST and/or SOX experience.
• Ability and experience in working with Amazon to scope and request testing.
• Basic understanding of telephony technologies, i.e. UCaaS, VoIP, Telco, MSO, Cloud and/or Hosting companies.
• Experience and understanding of multiple security platforms and layers, including Firewalls, Proxy servers, Intrusion Prevention Systems, Web Application Firewalls and Logging Correlation, along with the knowledge and ability to bypass them through both automated and manual techniques.
• One or more of the following certifications is highly desired: CSSLP, GWEB, or OSWE.
• Must have excellent written and verbal communication skills and the ability to explain technical concepts to technical or non-technical personnel.
• Ability to work a flexible schedule based on testing needs. This may include nights and weekends.
• Key Technology Partners: AWS WAF and Shield, Acunetix, Fortify, Burp Suite, OWASP, Android, sSDLC, Rapid7, and Tenable.