The Application Security Lead Analyst will perform application security assessments, code reviews, and application penetration testing. This position is a great opportunity for someone with strong web application development and security skills. This is a technical, hands-on role that will utilize your web application development and security skills but does not involve coding.
- Conducting web, mobile, and application security assessments and penetration tests. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools.
- Performing source code reviews using automated tools and manual analysis
- Writing a formal security assessment report for each application to determine security risk, compliance with documented security standards, and remediation requirements
- Leading meetings with development teams to scope out new requests, deliver assessment results, and consult on application remediation
- Developing a standard method and process for testing that follows industry best practice, including the OWASP Testing Guide
- Taking responsibility for the execution and delivery of planned project deliverables and milestones
- Bachelor's degree in Computer Science, Mathematics, Engineering or other STEM area of study preferred
- Proven understanding of Software Security Architecture and Design
- 6+ years of professional experience
- 3-5 years of experience developing and securing web applications
- Experience performing web application security code, penetration, and analytical testing and using vulnerability testing tools.
- Proven experience with vulnerability assessment tools such as QualysGuard, Fortify Source Code Analyzer, WebInspect, Burp, etc.
- Experience implementing controls for web and mobile applications
- Knowledge of OWASP tools and methodologies, web application firewalls, and network security
- Strong written and oral communication skills
Not Eligible for Relocation