Position Description :
We are seeking an Senior Application Security Analyst to join the Application Security & Vulnerability Management Division of Information Technology.
Application Security & Vulnerability Management Division is responsible for assessing application security by identifying, reporting and tracking vulnerabilities related to the application and its underlying components, as well as tracking compliance of IT systems.
This applies to third party applications, in-house developed applications, appliance based systems and any combination of the above.
The Senior Application Security Analyst primary role is for day-to-day vulnerability assessment, reporting and tracking.
The analyst will also perform penetration tests of relevant applications and systems to ensure that they meet required security measures and identify any weaknesses or security flaws.
Minimum Requirements :
As the successful candidate, you will hold a Bachelor’s degree in Computer Science from a recognized and approved program.
An advanced degree is preferred.
You must have seven or more years of experience in cybersecurity, including at least five in application security.
You must have a strong understanding of conducting penetration testing against all components including but not limited to operating system, network devices and application middleware.
document management; hardware and software troubleshooting; electronic mail systems. You need to demonstrate familiarity with common protocols such as : DNS, DHCP, LDAP S , SNMP, SMTP, HTTP S , and SSL / TLS.
Experience with a range of operating systems such as RHEL (Red Hat Enterprise Linux), Windows 2012, Windows 10 and Windows 8 is preferred.
You will also be proficient with a wide range of penetration test tools and vulnerability assessment platforms.
You must have an understanding of compliance assessments against internal and external standards, vulnerability risk rating and recommending counter measures to address the risks.
Solid experience in evaluating the cumulative risk of multiple vulnerabilities and their contribution to the overall risk factor.
Two or more certifications are also necessary, such as Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst, Cisco Certified Network Associate (CCNA), appropriate SANS course or similar certification or equivalent academic courses (higher education).
The preferred candidate will also have excellent verbal and written communication skills, being able to clearly evidence and present findings to both a technical and a managerial audience.
Duties & Responsibilities :
You will be required to perform the following :
Compliance audits against internal and external standards for multiple applications.
Application penetration tests using various web proxy toolkits. Predominantly Portswigger’s Burp, but also including OWASP ZAP, Fiddler and SoapUI.
Penetration testing using a full suite of penetration test tools and frameworks; including Metasploit, nmap, openssl and all tools typically found in Kali 2017.3.
Vulnerability Analysis using Rapid7’s Nexpose and Metasploit Pro frameworks.
Perform wireless penetration testing using tools such as Kismet, FernPro and Wifi Pineapple.
Support internal projects with IT Security consultation activities.
Deliver technical reports clearly documenting findings.