Senior Application Security Analyst - Vice President
About The Position
Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases. Demonstrate the impact of any identified vulnerability through the development of proof-of-concept code. Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures. Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience. Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
Requirements
- 6-10 years of experience in an engineering role
- Minimum of 3-5 years of experience in a penetration testing or application development role
- Strong understanding of a variety of application architectures (Microservices, REST APIs, SOA, MVC), software development methodologies (Agile, DevOps, Waterfall), programming/scripting languages (Java, .NET/C#, C/C++, Python, Ruby), development frameworks (Spring, Struts, AngularJS, NodeJS), and application infrastructure (web/app servers, middleware components, databases, public/private/hybrid cloud deployment, cloud service models - SaaS/PaaS/IaaS).
- Hands on knowledge and experience in a subset of the following tools: BurpSuite Proxy, AppScan, WebInspect, CheckMarx, BlackDuck, Snyk, Nessus, NMAP
- Must have or be willing to obtain Industry-accredited security certifications such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP.
- Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25.
- Demonstrated experience in vulnerability discovery, analysis, and exploitation.
- Understand CVEs and should be able to reproduce proof-of-concept easily.
- Comfortable with manual application penetration testing and threat modeling.
Nice To Haves
- Prior experience with application development and performing manual code review is a plus.
- Master's Degree in Computer Science, Cyber Security or related field
- Bachelor's Degree in Computer Science, Cyber Security or related field
Responsibilities
- Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases.
- Demonstrate the impact of any identified vulnerability through the development of proof-of-concept code.
- Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.
- Report and articulate the vulnerability assessment results to any audience.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
