Previous Job
Previous
Apps Security Analyst-DAST
Ref No.: 20-00646
Location: Newark, New Jersey
Job Summary:
  • The Application Security Analyst will partner with developers and business owners from applicable technical teams to conduct application security assessments on software such as operating systems and web applications. The individual will work closely with technical teams and analyze potential impacts and pitfalls associated with threats and vulnerabilities to high risk assets.
  • Candidate will advise technical teams on options to mitigate and accordingly must have excellent verbal, written and interpersonal communication skills.
  • Will work closely with Enterprise Developers and Technical Managers
  • This position reports to the Director of Enterprise Security Architecture.
  • Perform dynamic vulnerability analysis of web applications and infrastructure components to reduce the security risk to the organization
  • Craft custom proof of concept application exploits using testing tools and frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc
  • Research new and emerging threats and incorporate test vectors for detection
  • Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps.
  • Communicate to development teams and senior managers vulnerabilities
  • Create and deliver knowledge sharing presentations and documentation to developers and operations teams
  • Learn on the job and explore new technologies with little supervision to identify new and emerging security threats'
  • Help drive design decisions based on known vulnerabilities
  • The information above is intended to describe the general nature of the work being performed by each incumbent assigned to this position.
  • This job description is not designed to be an exhaustive list of all responsibilities, duties, and skills required of each incumbent.

Qualifications:
  • Requires bachelor's degree in computer science.
  • Requires a minimum of 4 years technical work experience analyzing and decomposing application architectures to identify security gaps as well as experience in threat modeling (or a master's degree and 2 years of technical work experience analyzing and decomposing application architectures to identify security gaps as well as experience in threat modeling).
  • Prefer one of the above years in web application penetration testing experience.
  • SANS Web Penetration Testing Certifications.
  • Application security tools such as: HTTP and TCP proxies, fuzzers, scanners, debuggers, simulators, etc.
  • Common vulnerabilities in the OWASP top 10 list.
  • Protocols/technologiessuch as SOA, HTTP, SSL, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML.
  • Java Application and Java Application Serveradministration/tuning.
  • Amazon Web Services (AWS) and/or VMware vCloud and/or Docker.
  • Ability to understand software design algorithms.
  • Strong knowledge of one or more of the following programming languages: Java, C#, C, C++, SQL is preferred.
  • Ability to write scripts in languages such as Python, BASH, or PowerShell for automation preferred.
  • Ability to read and debug code preferred.