Application Vulnerability Assessment Sr Analyst
Ft. Lauderdale, FL | Contract To Hire
- The team does white-box testing and requires folks to perform manual source code review and dynamic penetration testing.
- Duties include providing deep-dive application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures. Typical assignments will involve in-depth testing of the security of critical applications and discovering possible gaps through the use of threat modeling, source code review, application behavior analysis, and other security frameworks or best practices, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE. The candidate will be expected to act as a subject matter expert in offensive information security, specialized in web programming and application technology.
Qualifications: Prerequisites for this position are at least a Bachelor's Degree with 3 - 7 years of experience in most of the following:
- Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
- Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities in applications
- Strong development background in J2EE or .NET, Web frameworks
- Understanding and debugging application build/compilation-related errors is required. Experience with Java IDEs
- Knowledge of web servers, application servers, build tools, etc.
- Performing manual source code review for security vulnerabilities
- Dynamic penetration testing and vulnerability assessment using ethical hacking, security control and countermeasure skills. Comfortable with tools like Burp Proxy, AppScan, and WebInspect.
- Utilizing networking skills to perform threat modeling on web applications
- Writing a formal security assessment report for each application, using our company's standard reporting format
- Participating in conference calls to help the application team understand the issue, the associated security risk, and the remediation options, if required. Reporting directly to management on any major flaws identified.
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential
Need one of the following:
- Strong enterprise web application development background with good understanding of application security
- Strong application security testing background with good understanding of enterprise web application development