Apps Security Analyst

Newark, NJ 07106
Full-time

job closed

company

A not-for-profit health service corporation best known for its managed care and traditional indemnity plans for individuals and employers. It provides health insurance coverage for people throughout New Jersey.

overview

Tell Me About this Job:

1. Perform dynamic vulnerability analysis of web applications and infrastructure components to reduce the security risk to the organization
2. Craft custom proof of concept application exploits using testing tools and frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
3. Research new and emerging threats and incorporate test vectors for detection
4. Write reports including recommendations, root cause analysis, security summary analysis, and project road maps
5. Communicate vulnerabilities to development teams and senior managers
6. Create and deliver knowledge sharing presentations and documentation to developers and operations teams
7. Learn on the job and explore new technologies with little supervision to identify new and emerging security threats
8. Help drive design decisions based on known vulnerabilities

"Must Have" Skills for This Job:

1. Requires bachelor's degree in computer science
2. Requires a minimum of 4 years technical work experience analyzing and decomposing application architectures to identify security gaps as well as experience in threat modeling (or a master's degree and 2 years of technical work experience analyzing and decomposing application architectures to identify security gaps as well as experience in threat modeling)
3. Prefer that one of the above years be web application penetration testing experience
4. SANS Web Penetration Testing Certifications preferred

Knowledge/Skills:

1. Application security tools such as: HTTP and TCP proxies, fuzzers, scanners, debuggers, simulators, etc.
2. Common vulnerabilities in the OWASP top 10 list
3. Protocols/technologies such as SOA, HTTP, SSL, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML
4. Java Application and Java Application Server administration/tuning
5. Amazon Web Services (AWS) and/or VMware vCloud and/or Docker
6. Ability to understand software design algorithms
7. Strong knowledge of one or more of the following programming languages: Java, C#, C, C++, SQL is preferred
8. Ability to write scripts in languages such as Python, BASH, or PowerShell for automation preferred
9. Ability to read and debug code preferred