This company requires deep technical experience in vulnerability management. This individual will be responsible for performing various cyber-assessment activities. This includes performing manual security assessments on web and mobile applications and services, setting up and maintaining the integrity of scans performed by Dynamic Application Security Testing (DAST) tools, performing manual validations of issues from DAST scans, managing and maintaining Static Application Security Testing (SAST) tools, and working with development teams to help them understand security issues.
- Conduct highly manual security assessments on web and mobile applications and services in order to help this company improve its existing security controls and mechanisms
- Manually validate security findings from application and vulnerability scans
- Perform independent research to stay current on the latest relevant threats
- Improve the overall web security assessment program by updating shared resources with Tactics, Techniques, and Procedures (TTPs)
- Clearly document security findings and present issues to development teams
- Reduce the risk posture of the environment by conducting regular security gap analysis
- Integrate security tools, standards and processes into the security assessment process
- Support incident response and architecture review processes whenever security expertise is needed.
- Reliable, adaptable, and resilient
- Excellent written and verbal communication skills. Organized.
- An ability to think methodically, attention to detail, and a healthy paranoia
- Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks
- Outstanding work ethic
- Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources
- Excellent judgment and self-motivation
- Experience working with global teams across time zones, cultures and languages
- Application Security, Security, manual penetration testing, Burp Suite, AppScan-DAST, AppScan-SAST
- Networking, network security
Salary and Other Compensation:
The annual salary for this position is between $100,000-$130,000 depending on experience and other qualifications of the successful candidate.
- Medical/Dental/Vision/Life Insurance
- Paid holidays plus Paid Time Off
- 401(k) plan and contributions
- Long-term/Short-term Disability
- Paid Parental Leave
- Employee Stock Purchase Plan
- Minimum of a bachelor’s degree in Computer Science, cybersecurity, or a related field
- Minimum of 5 years of experience performing technical security assessments
- Minimum of 3 years of experience performing application security assessments with Burp Suite
- Deep technical understanding of security issues relevant to web and mobile application security, such as the OWASP top 10, and the ability to explain, identify, and recommend fixes.
- Thorough understanding of the OSI model and ability to discuss technical concepts as they relate to the OSI model
- Understanding of the mobile threat model and mobile security frameworks (Android, iOS)
- Experience performing external network penetration testing activities to identify vulnerabilities in infrastructure
- Experience creating a footprint of public-facing company network blocks and domain names
- Experience setting up and performing research in a lab environment
- Ability to translate security concepts into language that is meaningful to a broad audience
- Demonstrated ability to influence decision-making processes at all levels of the Cognizant team
- Relevant certifications are preferred (CEH, GWAPT, SANS, OSCP, OSCE).