Job Description:
The customer is an online insurance marketplace for state-sponsored health insurance in the US.
They follow the OWASP Top 10 and the MARS-E 2.0 health insurance compliance standard. The security engineering initiative has more visibility now, since state health insurance users brought it up at a user conference. They receive periodic tool-based reports (using FOD) and follow a process to have dev engineers look into them.
The candidate has to be a solid Security Engineering developer. Expectations are as follows.
We need someone who can go to technical depth. For example, some questions will be around TLS 1.2, misusing XML to delete a file, protecting cookies, technical depth in XSS, etc.
He/she will have to review the vulnerabilities, reproduce the issues, collaborate with the application dev team and, if required, remediate the issues.
Experience in Burp Suite is desirable.
Desirable if the candidate has a Certified Ethical Hacker (CEH) Certification.


Client: Insurance client