Job Description:
Hi,
Location: Louisville, KY, USA (Humana)
Duration: Long term
Job Title: Security Tester Consultant
C2C candidates, please apply.
At least 10+ years of experience in application security.
Good understanding of the OWASP Top 10 & OWASP Mobile Top 10, with practical
skills to perform secure code reviews and dynamic security assessments, and at
least 5 years of experience in .NET with Web API development and web
security profiling.
* Very good experience in Azure/.NET applications, C#, web API
programming and JavaScript
* REST API concepts, HTTP verbs and the differences between them, design patterns
* Good knowledge of dependency injection, Factory and Singleton patterns, and
multi-threading in Web API security
* Experience with the performance differences between SOAP, REST APIs, React
JS and jQuery
* Good understanding of Android/iOS programming constructs & dynamic
security assessment exposure
* Good understanding of Secure DevOps integrations
* Proactive attitude for dealing with large volumes of flagged findings and larger
applications, with attention to detail while scoping and configuring scans.
* Ability to multi-task and meet timelines/SLAs.
* CEH or Security+ certification is mandatory, with a minimum of 2+ years of
experience.
* Hands-on ability to generate proofs of concept (POCs) for flagged findings, interpret findings and
facilitate remediation assistance with moderate or minimal supervision.
* Ability to perform mobile security assessments (static/dynamic) will
be an added advantage.
* The predominant technology landscape for application security was 60% .NET
apps, 25% Java and 15% a mix of other technologies; hence the ability to
interpret programming constructs is mandatory.
* Good verbal and written communication skills are mandatory (as our analyst
has to speak with development teams and business staff across Humana, spanning
different time zones).
* Expected to work a regular work schedule with set expectations.
* Ability to work with enterprise security tools such as IBM AppScan
Source/Standard, Cigital SecureAssist, Burp Suite Pro, Checkmarx, etc.
* Remediation assistance for both application & mobile security across a wide
variety of programming languages on different platforms
* Security/CEH/CISSP preferred, with hands-on expertise in dealing with
multiple stakeholders
Required:
* IBM AppScan Enterprise (SAST + DAST + administration) APP-SECURITY
* Checkmarx (SAST + writing custom queries & rules in Checkmarx, more
of customizing patterns and integrating with a DevOps approach)
APP-SECURITY
* Microsoft TFS/VSTS
* Secure DevOps integrations
Preferred:
* SecureAssist (SAST) APP-SECURITY
* NowSecure (SAST + DAST + DevOps integration) mobile app
security for Android/iOS
* Jenkins
* Docker