The Application Penetration Test Analyst is responsible for the security testing and risk analysis of CLIENT's software applications using various application security tools. Interacting with CLIENT software developers to provide guidance, best practices and technical assistance in remediating software application security issues will be part of the responsibilities. The individual should possess strong application software expertise, along with excellent communication and organizational skills.
- Minimum of 5 years of software application penetration testing experience
- Expert on using Web Penetration Testing tools such as Burp Suite and WebInspect
- CEH - Certified Ethical Hacker Certification
- CISSP - Certified Information Systems Security Professional
- Bachelor's degree
- Experience in Static & Dynamic Code Analysis, OSS Reviews
Good to have
- Knowledge of Web Application Firewalls, Runtime Application Self-Protection (RASP) and Reverse Proxies
- Knowledge with public/hybrid clouds & cloud technologies utilizing Amazon Web Services (AWS) and applying that to application security tools/functions
- Ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
- Knowledge in Web Programming languages and Python development environments
- Knowledge in standard application development/management tools such as Jenkins, Git, Puppet, Chef, or Docker
- Scripting skills in Python or PowerShell are highly desirable
- A SANS, CISSP, OSCP, AWS Solutions, or Architect certification is preferred
- Perform Software Application Penetration Testing.
- Prepare vulnerability reports that detail findings, vulnerabilities, and test procedures.
- Explain application risks identified during penetration tests to the software developers.
- Improve and maintain secure development standards and manage application security framework improvement projects
- Integrate security tools, standards and processes into the Software Development Life Cycle (SDLC) for both on-premises & cloud
Job Type: Full-time
- Penetration Testing: 1 year (Required)
- Temporarily due to COVID-19