Key skills:
** Understanding of command lines;
** Penetration experience with web applications, mobile and API’s;
** Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and application security workflows.
** Must have excellent communication skills, self-starter who will take initiative and lead, able to mentor and coach junior team members.
** Strong attention to detail and strong technical aptitude.
Job Description:
Join an exciting team of appsec heros
Cyber Security Detection and Response Sr. Analyst
The Work Itself
-
Perform penetration testing against products and systems, including web applications, web services, and mobile devices.
-
Assist with coordination of vendor pen testing services with internal development teams.
-
Collaborate with stakeholders to develop remediation strategies.
-
Demonstrating practical/working exploitation of security flaws.
-
Develop and enhance process to automate the delivery of application security metrics.
-
Review SAST/DAST output for false positives. Assist development with remediation.
-
Serve as an application security subject matter expert.
-
Participate in threat modeling exercises.
-
Effectively communicate vulnerability details, risks, and potential impacts to, application owners, developers, stakeholders, and partners.
-
Act as a mentor for junior team members/interns.
-
Design, implement, and support security-focused tools and services.
-
Develop tools that improve security testing, reporting, and monitoring.
The Skills You Bring
Requirements
-
5+ years of experience in manual penetration testing of web and mobile applications.
-
Identify, research, and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
-
Ability to interact with company personnel at all levels and across all business units to comprehend business imperatives. A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
-
Competent to work independently at an advanced technical level.
-
Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
-
Understanding of cloud technologies and environments (AWS, Azure, Google).
-
Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
-
Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
-
Ability to work under pressure and manage competing priorities.
-
Knowledge of web application frameworks, deployment technologies and security software.
-
Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities.
-
Strong writing skills to produce detailed reports for consumption by stakeholders at all levels from operations to executive.
Desired Skillset, Experience, and/or Training
-
Proven work experience in manual secure code review.
-
Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and application security workflows.
-
GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications.
-
Desired scripting experience: One or more of Python, JavaScript, PowerShell, shell script, Ruby, PHP, LUA etc.
-
Bachelor’s degree in Information Technology or Computer Science, or equivalent experience.
-
Inherent passion for information security and service excellence.
-
The ability to adapt to new situations and the desire to learn and stay current with AppSec trends, threats, and risks.