Job Code : 882
Category : Security
Type : Contract to Hire
Job Description
Duration: 6 Months
Rate: 65-75K + Bonus
Position Summary and Functions:
This Application Security Analyst I will conduct a variety of security related functions. This will include security testing of applications using in-house tools, as well as coordinating with other 3rd parties as necessary for external penetration scans or application assessments. This role will also participate in efforts that will result in the integration of application security and/or information security requirements, controls and processes into the Software Development Life Cycle (SDLC) or Project Life Cycle. This position will also participate in technical risk assessments, exposure assessments and recommendations for remediation of vulnerabilities or other risks. Essential functions include:
• Performs testing of new and existing applications for security vulnerabilities.
• Ensures that application vulnerability scans are scheduled and performed as required.
• Ensures scan results are analyzed in a timely manner.
• Participates in the creation and management of security testing automation.
• Ensures remediations for issues are applied as per the vulnerability policy.
• Tracks open issues and follows up with different teams to address them.
• Promotes secure coding practices within the software development teams.
• Bachelor’s degree in computer science/information systems or related field
• Knowledge of common security vulnerabilities such as OWASP Top 10, SANS Top 25
• Experience in security testing web applications; mobile applications a significant plus
• Experience in scripting (Python, Ruby)
• Knowledge of software design, server, software, and network architecture, protocols, and standards
• Must have been in a technology or security related field for at least a year (academic experience will be considered)
• Excellent verbal and written communication skills
• Experience in the payments/banking domain a plus
• Must be available for on-call for potential security response
• Certified Ethical Hacker (CEH), CSSLP, or CISSP a plus