Application Penetration Test Analyst
- Interaction24, LLC
- Dallas, TX, 75201
- Full Time
- Experienced
Posted on
Job Description:
Application Penetration Test Analyst
-
The Application Penetration Test Analyst is responsible for the security testing and risk analysis of DTCC's software applications using various application security tools. Interaction with DTCC software developers to provide guidance, best practices and technical assistance in remediating software application security issues will be part of the responsibilities. The individual should possess strong application software expertise, along with excellent communication, and organizational skills.
Qualifications
Must have
- Minimum of 5 years of software application penetration testing experience
- Expert on using Web Penetration Testing tools such as Burp Suite and WebInspect
- CEH - Certified Ethical Hacker Certification
- CISSP – Certified Information Systems Security Professional
- Bachelor's degree
- Experience in Static & Dynamic Code Analysis, OSS Reviews
Good to have
- Knowledge of Web Application Firewalls, Runtime Application Self-Protection (RASP) and Reverse Proxies
- Knowledge with public/hybrid clouds & cloud technologies utilizing Amazon Web Services (AWS) and applying that to application security tools/functions
- Ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
- Knowledge in Web Programming languages and Python development environments
- Knowledge in standard application development/management tools such as Jenkins, Git, Puppet, Chef, or Docker
- Scripting skills in Python or PowerShell is highly desirable
- A SANS, CISSP, OSCP, AWS Solutions, or Architect certification is preferred
Duties
- Perform Software Application Penetration Testing.
- Prepare vulnerability report that details finding, vulnerabilities, and test procedure.
- Explain application risks that have been identified during pen test to the software developers.
- Improve and maintain secure development standards and manage application security framework improvement projects
- Integrate security tools, standards and processes into the Software Development Life Cycle (SDLC) for both on-premises & cloud deployed applications
- Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
- Build a very close working relationship with DevSecOps and application development teams
- Improve application security tool stack including static analysis, runtime testing tools, RASP, integrating the tools in CI-CD and Reporting
- Work with our Threat Risk Management team and Development teams to develop application security requirements, security guidance, security architecture and technology solutions to address the existing and emerging application security issues for both on-prem and cloud deployed apps (agile and waterfall)
Company Description:
InterAction24, provides a range of search, selection and talent management solutions for organisations needing to recruit permanent professionals. We are recognized for our powerful in-house research function, the speed and flexibility of our response, and our high success rates in finding suitably qualified employees and interim staff.