Job Role: Apps Security Analyst
Job Location: Newark, NJ
Duration: Full Time (Permanent)
The Application Security Analyst will partner with developers and business owners from applicable technical teams to conduct application security assessments on software such as operating systems and web applications. The individual will work closely with technical teams and analyse potential impacts and pitfalls associated with threats and vulnerabilities to high-risk assets. The candidate will advise technical teams on mitigation options and accordingly must have excellent verbal, written and interpersonal communication skills.
- Perform dynamic Vulnerability Analysis of web applications and infrastructure components to reduce the security risk to the organization
- Research new and emerging threats and incorporate test vectors for detection
- Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps.
- Communicate vulnerabilities to development teams and senior managers
- Create and deliver knowledge sharing presentations and documentation to developers and operations teams
- Learn on the job and explore new technologies with little supervision to identify new and emerging security threats
- Help drive design decisions based on known vulnerabilities
- Application security tools such as: HTTP and TCP Proxies, Fuzzers, Scanners, Debuggers, Simulators, etc
- Common vulnerabilities in the OWASP top 10 list
- Protocols/technologies such as SOA, HTTP, SSL, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML
- Java Application and Java Application Server administration/tuning
- Amazon Web Services (AWS) and/or VMware vCloud and/or Docker
- Ability to understand software design algorithms
- Strong knowledge of one or more of the following programming languages: Java, C#, C, C++, SQL is preferred
- Ability to write scripts in languages such as Python, BASH, or PowerShell for automation
- Ability to read and debug code preferred
- Requires bachelor's degree in Computer Science
- Requires a minimum of 4 years technical work experience analysing and decomposing application architectures to identify security gaps as well as experience in threat modelling (or a master's degree and 2 years of technical work experience analysing and decomposing application architectures to identify security gaps as well as experience in threat modelling).
- Prefer that one of the above years be in web application penetration testing.
- SANS Web Penetration Testing Certifications