Application Security Tester

Company: Santander
Location: Miami, FL, USA; Dallas, TX, USA
Salary: $80625 – $132500
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s Degree or equivalent work experience: Computer Science or equivalent field.
  • 5+ Years Experience in information security, governance, IT audit, or risk management.
  • 5+ Years SAS experience.
  • Must have experience with web application and code vulnerability scanning tools such as AppScan, Fortify, WebInspect, Burp Suite.
  • Acts as a subject matter expert (SME) while providing leadership and guidance.
  • Security certifications a plus.
  • Ethical hacking experience is a plus.
  • Exposure to IT risk management is a plus.
  • Proven relationship building skills working with mid to senior level management and cross-functional teams; understands risks; additional focus on leadership; strong interpersonal skills; delivers precise, accurate results to meet commitments; mentors other team members.
  • Demonstrated presentation development; tailors message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations.

Responsibilities

  • Detecting threats and vulnerabilities in target systems, networks and applications by conducting systems, network, web vulnerability assessment and security testing.
  • Identifying the security flaws and weaknesses in the systems that can be exploited to cause business risk, and providing crucial insights into the most pressing issues, suggesting how to prioritize security resources.
  • Conducts Software Composition Analysis, SAST, DAST and Penetration testing.
  • Post vulnerability assessment, work with various stakeholders to provide remediation to the identified risks and bring the same to closure.
  • Conducts proofs of concept and vendor comparisons, and recommends solutions in line with business requirements.
  • Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications, and systems.
  • Conducts security research on threats and remediation methods.
  • Conducts vulnerability assessment on the target IT Infrastructure, applications, and related information assets.
  • Conducts a walk-through of the assessment report with the stakeholders and helps define a remediation plan.
  • Creates process improvements by identifying inefficiencies and solutions.
  • Develops and maintains a set of operational and forward-looking security metrics.
  • Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications, and other information assets.
  • Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value.
  • Oversees monitoring of security reports to identify issues and follow these issues to resolution.
  • Performs web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.).
  • Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review.
  • Promotes cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting.
  • Provides direction and acts as an escalation point on projects and issues to other team members.
  • Provides technical security consulting support to address complex business and technology projects and requests.

Preferred Qualifications

  • Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.