Job Description :
Hello,

Greetings from KrishAnsh!!

We are looking for a candidate for the position of Application Security Test Analyst.

Role: Application Security Test Analyst
Duration: Contract
Location: Louisville, KY

Job Description:
· Good understanding of OWASP Top 10 & OWASP Mobile Top 10, with practical skills to perform secure code reviews and dynamic security assessments. At least 5 years of experience in .NET with Web API development and web security profiling
· Very good experience in Azure/.NET applications, C#, Web API programming, JavaScript
· REST API Concepts, Verbs, difference between Verbs, Design Patterns
· Good knowledge of Dependency Injection, Factory and Singleton patterns, and multi-threading in Web API security
· Experience with the performance differences between SOAP, REST API, React JS and jQuery
· Good understanding of Android/iOS programming constructs & exposure to dynamic security assessment
· Good Understanding of Secure DevOps integrations
· Proactive attitude to deal with volumes of flags and larger applications, with accuracy in detail while scoping and configuring scans.
· Ability to multitask and meet timelines/SLAs.
· CEH certification/Security+ is mandatory, with a minimum of 2+ years of experience
· Hands-on ability to generate PoCs for flags, interpret findings and facilitate remediation assistance with moderate/less supervision.
· Ability to perform mobile security assessments (static/dynamic) will be an added advantage.
· The predominant technology landscape for app security was 60% .NET apps, 25% Java, and 15% a mix of different technologies. Hence the ability to interpret programming constructs is mandatory.
· Good communication and writing skills are mandatory (as our analyst has to speak with dev teams across Humana and with business folks spanning different time zones)
· Expected to work a regular work schedule (9.30 – 6.30 PM), with a set expectation to work a morning or afternoon shift if required (rarely)
· Ability to work with enterprise security tools: IBM AppScan Source/Standard, Cigital SecureAssist, Burp Suite Pro, etc.
· Remediation assistance for both app & mobile security, with a wide variety of programming languages on different platforms
· Security/CEH/CISSP preferred with hands-on expertise to deal with multiple stakeholders

Required:
· IBM AppScan Enterprise (SAST + DAST + Administration) APP-SECURITY
· Checkmarx {SAST + writing custom queries & rules in Checkmarx (more of customizing patterns and integrating with a DevOps approach)} APP-SECURITY
· Microsoft TFS
· Secure DevOps integrations

Preferred:
· SecureAssist (SAST) APP-SECURITY
· NowSecure (SAST + DAST + DevOps Integration) Mobile-App Security for Android/iOS
· Jenkins
· Docker


Client : KrishAnsh LLC