Job Description :
Role: Vulnerability Risk Management - Infrastructure & Web Application Security Role
Location: Indianapolis IN
Position Type: Contract to Hire
Must have skills
* DAST (Dynamic Application Security Testing) Experience – Acunetix would be great but other tools like IBM AppScan should be good too.
o Desired experience: Using these tools to schedule scans, generate reports and assist the development team on the remediation.
* SAST (Static Application Security Testing) Experience – Checkmarx would be great but other tools like HP Fortify should be good too.
o Desired experience: Using these tools to schedule scans, generate reports and assist the development team on the remediation. The SAST service will be taken over by the VRM team during the second half of this year so the Lilly team should find this experience impressive.
* Experience conducting scans on the network to identify assets and vulnerabilities
Good to have skills
·Experience with Burp Suite to capture requests and assist in false positive isolation and vulnerability remediation
·Experience with a risk prioritization \ aggregation solution like Kenna Security
Required Technical Skill Set:
* Vulnerability management identification, Analysis, governance, risk and compliance.
* Data, Threat and risk analysis and mitigation.
* IBM Appscan,
* HP fortify,
* Burpsuite,
* Acunetix
* CheckMarx
* Static application security testing
* Dynamic application security testing
* Networking & Telecommunication.
* System administration (Windows, Linux, Unix, Mac OS X,iOS)
* Databases (Oracle, sql server, MySQL)
* Web servers ( Apache, MS IIS)
* Web application Net, Java, Cold fusion, PHP, Node.js, Ruby on Rails)
* Authentication/Access controls (MS Active directory/LDAP
* Analytical thinking & strong written and communication skills.
Good-to-Have: CISSP,CRISC,CEH,GIAC certification