Cyber Security Analysts Application Tester

Posted 13 October 2022
Location Houston, United States of America
Job type Contract
Discipline IT
Reference 8058

Job Description

Cyber Security Analysts Application Tester

Location: Houston, TX or Tulsa, OK

Description:

The Cyber Security Analysts Application Tester will execute application testing against applications used or developed by our application and systems teams. This will include web applications and SOAP and REST API integrations running on either cloud or on-prem infrastructure. In this role, you will manage the process of scheduling and carrying out application tests on an array of technology stacks, provide security testing support to enable DevSecOps, and consult on the risk levels of vulnerabilities to help product teams prioritize their corrective actions per the vulnerability management standards. In addition, during incident response, the Application Tester may be asked to contribute to forensic digital evidence gathering and/or act as technical response lead. The Cyber Security Analyst is also responsible for following processes and procedures as defined by the Digital Security and IT leadership teams.

Responsibilities:

  • Perform application testing

  • Leverage and manage existing tools for application testing to detect weaknesses or possible incidents, building on methodologies such as OWASP, PCI, NIST, etc.

  • Configure security testing platforms and tools

  • Manage procedures for applications tests

  • Perform application testing on our internal and external facing applications

  • Perform threat modeling for existing applications

  • Perform proactive research to detect new attack vectors

  • Correctly balance security risk and product advancement

  • Train and coach new analysts

  • Develop, maintain, and socialize secure coding guidelines and best practices

  • Work with developers to assist in designing and architecting secure systems

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Coach development teams on how to resolve and prevent vulnerabilities

  • Be a security subject matter expert and respond to any internal security engineering questions/requests


Required Qualifications:

  • Must be able to understand the diverse business requirements and be able to translate those requirements into applicable solutions

  • Ability to present and explain technical information to diverse audiences

  • Proficiency with penetration testing tools, suites, and platforms such as Metasploit and Burp Suite

  • Bachelor's degree in computer science, MIS, or equivalent technology discipline

  • 3+ years' experience in cyber security

  • 3+ years' experience in application penetration testing

  • 2+ years of experience with DAST and SAST testing on web applications and web services

  • Experience with web applications, databases, operating systems, and public cloud providers

  • Experience in penetration testing large and complex applications

  • Development background using multiple development tools, techniques, and platform technologies

  • Experience with vulnerability assessment testing processes and procedures

  • Knowledge of various identification and authentication schemes, Public Key Infrastructure, and Identity Management

  • Programming experience with focus on penetration testing or process automation

  • A thorough understanding of cyber security best practices and the ability to effectively apply those practices

  • Proven ability to quickly learn new processes and tools, business domains and technical applications

  • Ability to think technically and analytically

  • Ability to develop effective relationships and work well within a team

  • Must be a self-starter and detail-oriented

  • Must have a positive and energetic demeanor

  • Effective written and verbal communication skills

  • Experience documenting technical testing and assessment results in a formal report format and presenting results to both technical and executive audiences

  • Creative problem-solving skills


Preferred Qualifications:

  • Professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP

  • Knowledge of secure web app design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML or OpenID, sensitive data protection, and SDLC integration (fuzzing tests, static and dynamic code analysis)

  • Experience using source code scanners and the ability to manually validate findings and eliminate false positives

  • Familiar with the use of various manual and dynamic application vulnerability testing suites

  • Ability to detect, define, exploit, and remediate OWASP top 10 vulnerabilities without the use of a vulnerability scanner

  • Proficiency with scripting languages (e.g., Python, Bash, PowerShell)

  • Experience applying threat modeling methodologies

  • Experience with regulatory compliance, policy development, and policy enforcement

  • Experience with various compliance standards (NIST SP 800 series, PCI, SOX)