Sr. Vulnerability Management Engineer

ASM Research

About The Position

Ensures adherence to application security in all phases of the software development life cycle. Collaborates with team members and acts as an expert resources to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Serves as the expert in all matters related to Cyber Security Engineer, mentoring and coaching junior team members.

Requirements

Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master’s Degree preferred.
12+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.
Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
Expert knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
Expert knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
In-depth experience with static code analysis tools including HP Fortify.
Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools.
Experience working with GIT source code management.
Must have solid working experience and knowledge of Unix/Linux operating system.
Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB.
Comprehensive understanding of Agile/Scrum methodologies.
Experience with Axiomatics.

Responsibilities

Perform vulnerability assessments of client assets.
Configure, tune, and operate industry standard vulnerability assessment tools.
Coordinate, schedule, and support vulnerability assessment requests.
Evaluate vulnerability notifications to determine applicability, saturation, and potential impact.
Analyze vulnerability reports and produce summary guidance for System Owners and administrators.
Monitor remediation efforts of findings and communicate progress to stakeholders.
Develop, capture, and deliver summary metrics of vulnerability assessment activities.
Draft and deliver executive and technical briefings on vulnerability assessment related topics.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume