The Application Security Assessment analyst will have a wide range of vulnerability management responsibilities, with emphasis on risk assessment, remediation, and application owner engagement to ensure the removal of vulnerabilities from mobile and embedded technology solutions. This individual will be directly responsible for mobile and embedded vulnerability research, analysis, categorization, and communication of risks posed in the context of these technologies. This is a technical hands-on role that will utilize your mobile application development and security skills. Duties:
- Perform security code reviews encompassing application development (e.g., web, mobile).
- Perform analysis of 3rd party and in-house or enterprise mobile apps and produce report output based on the results.
- Leverage industry data standards and practices, including OWASP Mobile Top 10, CWE, PCI-DSS, MAPP-SRG, and common platform guidelines from Apple and Google.
- Maintain, execute, and refine processes to monitor, collect, and update information about threats and vulnerabilities for input into a continuous vulnerability remediation process.
- Review source code from a security perspective and produce recommendations and best practices outputs in various formats
- Leverage developer tools, such as Xcode, Eclipse, or Android Studio to perform reviews and perform analysis leveraging file system forensics and network analysis expertise in Wireshark and Burp
- Apply custom scripts to automate the collection and formatting of data, and use experience working in past mobile development efforts to provide optimizations to current app review process
- Participate in a collaborative team within dynamic, fast-paced, high-collaboration environment
- BA/BS in Engineering, Computer Science, Information Security, or related work experience
- 1 - 3 years of experience developing web and mobile applications preferred
- 3+ years of professional experience
- Experience with iOS or Android SDKs frameworks and software architecture
- Proven experience with vulnerability assessment tools such as Fortify Source Code Analyzer or equivalent tools
- Strong written and oral communication skills
Eligible for Limited Relocation