Job Description:
Position: Sr. Vulnerability Assessment Analyst & Dynamic Penetration Tester
Location: Fort Lauderdale, FL
Duration: 6 month+

Job Responsibilities:

The duties for this role include:
Deep-dive application vulnerability assessment using a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures
Interfacing with development organizations to onboard applications and perform dynamic code reviews using tools like Burp Proxy, IBM AppScan and WebInspect
Perform dynamic penetration testing and vulnerability assessment using ethical hacking, security control and countermeasure skills
Integration of security tools with build environments to ensure iterative scanning during the SDLC

Typical assignments will involve in-depth testing of the security of critical applications and discovering possible gaps using threat modeling, source code review, application behavior analysis and other security frameworks or best practices, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE. The candidate will be expected to act as a subject matter expert in offensive information security, specialized in web programming and application technology. Commercial and open source vulnerability assessment tools/utilities are leveraged during these assessments. The majority of the team has achieved industry standard security certifications (CISSP, CEH, GIAC, etc.) over time and is looking for individuals who are eager to learn. The duties will include providing source code review services through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.

In addition, the role will be responsible for:
Validating automated testing results and prioritizing them based on the overall risk
Verifying findings as needed with the application development team
Performing application scanning using binaries
Performing manual source code review for security vulnerabilities
Writing a formal security assessment report for each application using the company's standard reporting format
Articulating security issues to technical and nontechnical audiences
Participating in conference calls with the engineering team to ensure proper scan coverage and effective results
Reporting directly to management for any major flaws identified.
Rerunning the scans on a weekly basis
Participating in conference calls with the application team to help understand the security risk, if required

Mandatory Qualifications, Experience & Skills Required:
Bachelor's Degree in Computer Science or Information Systems with 3 to 10 years' experience in most of the following:
Strong development background in J2EE or .NET & Web frameworks
Strong knowledge of web application technology, e.g. Application Servers, Web Servers, Databases
Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side


Conducting one or more of the following functions:
Application vulnerability assessments
Source code review
Application architecture reviews or threat modeling
Using tools such as Burp Proxy, IBM AppScan, WebInspect, etc.
A basic understanding of security, web based and infrastructure vulnerabilities
Experience with IDEs such as knowledge of web servers, application servers, build tools, etc.
Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems
Understanding and debugging application build/compilation related errors
Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management

Additionally, the candidate must have or be willing to obtain industry accredited security certifications (such as GIAC GXPN, GPEN, GCIH, CISSP, CEH, etc.)
             
