Job Description :
Job Title: IT Security Specialist I (IT)
Location: Detroit, MI
Duration: 5+ Months
Type: Contract
RESPONSIBILITIES:
General Description:
Cyber Security Assessment - Application Security Specialist I
General Purpose:
The Application Security Specialist I will report to the Cyber Security Engineering Manager and will be responsible for providing assistance in planning, designing and executing application security assessment efforts as assigned.
The application security analyst will be responsible for performing manual and automated security assessments.
In addition to being involved in the review of business requirements, test cases, and other project artifacts.
Additional duties to include tracking open application security risks and validating that appropriate remediation and mitigation tasks are being implemented.
QUALIFICATIONS:
TOP 3 SKILLS/EXPERIENCE:
Experience in planning and implementing security test efforts, which includes manual security testing and developing custom security assessment scripts or programs.
Experience utilizing vulnerability assessment tools such as Nessus, AppDetective, Burp Suite, WebInspect, AppScan, and Fortify.
Practical knowledge and experience with OWASP top ten issues with an understanding of web-based application vulnerabilities.
Position Responsibilities:
Coordinate system assessments with appropriate project personnel and other program elements to conduct application security assessments.
Assists in the creation, design, and implementation of assessment plans around testing the security of systems, processes and their environment.
Ability to use and configure security tools.
Responsible for writing security assessment plans. Maintain records of assessment progress, documents result, prepares reports and presents results as appropriate
Assists in reviewing requirements and security risk documents, and assists in defining security assessment scenarios
Conduct hands-on security assessments, analyze test results, documents risk, and recommend countermeasures
Develop, assemble, and submit testing results and reports for review by Security Engineers
More Qualifications:
Bachelor’s degree in Computer Science, Information Systems, Engineering or related major
Experience with a variety of information security processes and technologies such as:
Common operating systems, network protocols, web services and databases
Risk assessment and management
Application security and systems development life cycle
Data and systems integrity controls
Encryption technology
Change control and release management
Network and application security assessment
Ability to adjust to changing priorities while multitasking effectively
Experience in planning and implementing security test efforts, which includes manual security testing and developing custom security assessment scripts or programs
Experience utilizing vulnerability assessment tools such as Nessus, AppDetective, Burp Suite, WebInspect, AppScan, and Fortify.
Practical knowledge and experience with OWASP top ten issues with an understanding of web-based application vulnerabilities
Self-motivated with ability to work with minimal supervision.
Excellent problem-solving skills.
Application development experience with programming languages such as Java, C, C++, C#, asp, and .NET
Ability to review and audit source code analysis report
Minimum 5-year experience in a security or related IT function
Security Certification (i.e. CISSP, CISM, Security +, GIAC, etc