Senior Cybersecurity Analyst

Job Description

Position Name: Senior Cybersecurity Analyst

RESPONSIBILITIES

• Identify potential risks, threats, vulnerabilities and exploits in applications through architecture review, threat modeling, secure code review, and penetration testing
• Define information security policies and standards that support secure coding practices
• Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities
• Educate employees on secure coding and development best practices

REQUIRED SKILLS

• 2+ years of relevant Security Engineering or Penetration Testing experience
• Bachelors or Masters in Computer Science/Engineering or related field
• Thorough, detail - oriented and quality - driven with excellent communication and inter - personal skills
• Familiarity of SSDLC (Secure Software Development Life Cycle) or SDL (Secure Development Lifecycle)
• Knowledge of common software and web application vulnerabilities, such as the OWASP Top 10.
• Participate as a member of a 7x24 on - call rotation
• Software Engineering experience developing/debugging is a significant plus
• Relevant industry training and/or certification: CSSLP, CISSP, OSCP, GWAPT, or GPEN
• Able to deliver quality results in a high - energy/high - pressure environment
• Ability to multi - task and manage demands of many projects, issues, and tasks
• Ability to perform duties with minimal supervision

TOOLS AND CAPABILITIES

• Nexpose, Fortify, AppSpider, Nessus, Burp Suite, w3af, sqlmap, Nikto, nmap, Metasploit and Webscarab
• TCP/IP, HTTP(S), XMPP and DNS
• Firewalls, IDS/IPS and WAF
• C, C++, Objective - C, Java or .Net
• MySQL, MSSQL, NoSQL
• Perl, Python or PHP

Professional Position Overview:

The Application Security Engineer will be responsible for completing the following tasks:

• Identification of potential risks, threats, flaws, vulnerabilities and exploits in applications
• Perform architecture design reviews of applications
• Perform secure code reviews of applications
• Engage in threat modeling activities to identify necessary security controls
• Perform dynamic and penetration testing of applications
• Aide in the definition and maintenance of security policies and standards to support the Secure Development LifeCycle
• Support the automation of security testing to drive efficiency in discovery, tracking and resolution of security vulnerabilities
• Assist in the education of engineers on secure coding and development best practices

The Application Security Engineer in this position will spend 85% of their time performing Application Security Reviews for business applications and services. In this role you are expected to:

• Understand the internal review process and procedures for assessing the security state of applications and services
• Have a strong working knowledge of software and web application vulnerabilities, such as the OWASP Top 10.
• Understand Application Security tools and related software used for performing security reviews
• Perform threat modeling of applications to identify effective controls necessary
• Perform analysis of application architectural design to ensure security compliance
• Perform manual and automated static code analysis to identify vulnerabilities and flaws
• Perform manual and automated dynamic application security testing
• Document findings and drive remediation validation of identified vulnerabilities
• Support on - call activities and rotation

The Application Security Engineer in this position will spend 5% of their time providing support and assistance to existing security automation, policies and procedures. In this role you are expected to:

• Maintain policies and procedures documentation and communicate needed enhancements
• Assist in generating requirements for security automation
• Assist in the implementation of security tools to security and development environments

Keyskills :
sieminformation security networkingcustomer relations idssecure code review application security testingburp suite