Position: Application Security Analyst

Level: Mid to Senior Level

Position Description:
The successful candidate will perform application security assessments, code reviews, and SDLC consulting.

Projects may include:

  • Performing application vulnerability assessments
  • Performing code review across a variety of programming languages
  • Performing assessments of SDLC processes
  • Developing testing scripts and procedures
  • Other security-related projects that may be assigned according to skills

Requirements:
The successful candidate MUST meet the following requirements:

  • Strong ethics and understanding of ethics in business and information security
  • Proficient English language written and oral communication skills
  • Understanding and familiarity with common code review methods and standards
  • Experience with code scanning toolsets such as Fortify and Ounce
  • Knowledge of OWASP tools and methodologies
  • Understanding of HTTP and web programming
  • Knowledge of common security requirements within ASP.NET application
  • Knowledge of standard SDLC practices
  • Minimum of 3 years work experience in application security
  • Minimum of 5-7 years of IT or software development experience
  • Ability to complete tasks and deliver professionally written reports for clients
  • Ability to present findings to technical staff and executives
  • Possess current security certifications (e.g., CISSP, CEH)
  • Must be able to pass a background check
  • Must be qualified to work in the U.S.

Optional Requirements:
The successful candidate SHOULD meet these additional requirements as a plus:

  • Degree in either Computer Engineering, Computer Science, or Information Systems Management
  • Experience working in software development
  • Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro)
  • Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
  • Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
  • Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)