Senior Application Security Analyst

$130,000 - $140,000 yearly
  • The Resume Review - Recruiting Department
  • Remote (Reston, VA, USA)
  • Jul 14, 2021
Full time Information Technology

Job Description

As a valued colleague on our team, you will assess systems and networks and identify deviations from acceptable configurations.
The Applications Security - Technology Assessment - Senior Associate role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:
  • Collaborate with team on assessments of systems and networks within the network environment.
  • Identify where systems/networks deviate from acceptable configurations and policies.
  • Contribute to managing the security configuration program.
  • Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Qualifications
THE EXPERIENCE YOU BRING TO THE TEAM
Minimum Required Experiences
  • Experience identifying OWASP Top 10 vulnerabilities through Penetration Testing and Source Code Reviews
  • Application Penetration Testing experience in AWS (not Pen Testing of AWS services)
  • Excellent communication skills (writing, documenting and verbal)
  • Understanding of what an asset’s confidentiality/integrity/availability requirements are, and the ability to use that knowledge to determine the correct impact/likelihood for a vulnerability that has been identified
  • Experience with White-Box Pen Testing of:
    • Web Application
    • Thick Client applications
    • REST/SOAP Services
  • Code Review experience:
    • Java
    • .NET
    • Python
    • PHP
    • C/C++
    • REST API
  • Experience with Tools:
    • Fortify SCA
    • Postman
    • SOAP UI
    • Burp
Desired Experience
  • Ability to correlate between confidentiality, integrity, and/or availability of an asset
  • Experience with DevOps; CI/CD process
  • Experience with Kanban
  • Code Review experience:
    • Perl
    • R
    • Ruby
  • Application Penetration Testing experience in Cloud environments (not AWS)