Job Description:

Title: Sr. AppSec Analyst - Vulnerability Management
Duration: 9 Months
Potential for FTE Conversion? Yes
Location: Atlanta, GA

Overview

The Sr. AppSec Analyst leads web application security remediation initiatives for the Client Cybersecurity Office and serves as an active member of teams that define the application security strategy. A combination of technical acumen and creative thinking is necessary to address matters of threat identification and mitigation. Unlike in other security organizations, a consultative and collaborative mindset is of paramount importance.

Major Duties & Responsibilities

The successful individual will:

Application Security:
- Serve as a subject matter expert for all matters relating to remediation of web application security vulnerabilities and container security vulnerabilities
- Leverage a combination of tools such as static analysis (SAST), dynamic analysis (DAST), and container registry scanners to identify web application vulnerabilities, vulnerable dependencies, and vulnerabilities within source code
- Consult with various development teams to facilitate the closure of web application vulnerabilities
- Own the remediation of security vulnerabilities identified through bug bounty programs
- Stay apprised of security risks associated with frameworks such as PHP, Java, JavaScript, Ruby on Rails, and .NET
- Stay apprised of security risks with Content Management Systems such as Drupal, WordPress, and in-house developed CMS
- Develop capabilities necessary to monitor and detect web application attacks using web application firewalls, security scripts, tools, and services

Other Responsibilities:
- Understand vulnerabilities at an application, database, operating system and network level
- Provide technical input to security risk assessments
- Lead multiple complex projects and initiatives and use discretion when negotiating priorities

Minimum Requirements/Skills

- At least 3 years of experience in the web application space with a minimum of 2 years of information security experience
- 1 year of experience with identifying vulnerabilities associated with the OWASP Top 10
- Must have experience working with Information Security programs
- Must have experience with security vulnerability scanners and application scanners (Burp, ZAP, IBM AppScan, WhiteHat)
- Demonstrated ability to successfully perform analysis, support, training, reporting, testing, and project management across multiple, complex system implementations with custom and third-party applications
- Advanced problem solving and analytical skills

Desired Experience

- Experience with relational databases and queries
- Ethical hacking and forensic analysis training

Educational Requirements

- Bachelor's degree in computer science or related field