Job Description :
new position 05/16 - SME_WAT_654
Client: State of ME - Direct
Rate: $40/hr on C2C
Job Title: Web Application Security Tester
Location: Augusta, ME
Duration: 6 Months
Position Type: Contract
Interview Type: Phone or In-Person
Required Skills:
* Windows; Intermediate
* UNIX/LINUX; Intermediate
* Java; Beginner
* PHP; Beginner
* HTML; Intermediate
* Manual Testing; Beginner
* ATE; Beginner
* JIRA; Beginner
* AppScan or similar automated Web Security Testing tool
Job Description:
This position''s primary responsibility is to coordinate, work with applicat=
ion/development customers, and vendors to detect, analyze and assist in rem=
ediation activities with Client Web Applications.
Additional responsibilities include:
* Trains and supports staff to ensure familiarity with new prod=
ucts and procedures.
* Answers inbound support calls to assist customers with inform=
ation technology related issues.
* Participates in the development of internal data management p=
lans and coordinates plans and activities with personnel of other agencies =
to avoid duplication of efforts, share information, and maximize system eff=
iciency.
* Participates in the planning, implementation, and management =
of special projects to develop project management skills and provide assist=
ance in achieving agency information systems objectives.
* Researches, analyzes, recommends, installs, and configures ha=
rdware, software, and networks for PC''s/servers with multi-user operating a=
nd/or networking systems to establish and maintain agency information syste=
ms.
Work Effort Breakdown:
* 20%: Provide analysis of penetration of vulnerability testing
* 10%: Provide defense against hacking and attacks on SOM syste=
ms
* 50%: Perform static and automatic testing of Web Application
* 20%: Coordinate remediation efforts with internal and externa=
l customers
REQUIRED KNOWLEDGE/SKILLS/ABILITIES:
* Knowledge of Web Vulnerability/Risk assessment processes
* Knowledge of OWASP top 10 vulnerabilities
* Understanding of Web Application security principles around t=
he availability, confidentiality and integrity of data
* Experience using automated Web application security test soft=
ware
* Knowledge of complex multi-user network systems.
* Knowledge of complex software applications on PC''s, servers, =
and networks.
* Knowledge of operating systems on PC''s and servers.
* Knowledge of Ethernet networking, IP addressing and TCP/IP.
* Knowledge of proper computer system data security/backup proc=
edures.
* Knowledge of basic supervisory techniques.
* Ability to troubleshoot and solve complex technical computer =
problems.
* Ability to communicate effectively, write clearly, and presen=
t security concepts to non-technical audiences.
* Ability to perform research and make recommendations to manag=
ement on technical computer issues.
* Ability to detect and determine potentially serious security =
hazards on the network
* Ability to develop and manage user-oriented computing activit=
ies.
* Ability to develop and coordinate training programs.
* Ability to train personnel in all phases of computer utilizat=
ion and application.
* Ability to perform work requiring lifting and/or physical exe=
rtion may be required.
* Ability to document, author, and produce written test plans, =
test reports, operating instructions, standard operating procedures, and te=
chnical documentation.