Application Security Analyst - Managed AppSec

Do you enjoy digging into web applications to configure dynamic security scans? Are you driven to help companies improve their security posture? As an AppSec Analyst on our Managed AppSec team, you will be helping to support our customers in their journey to securing their web application portfolio.

About the Team

The Managed AppSec team provides actionable web application security findings and expertise to our customer base. The team is comprised of AppSec Analysts and Specialists who work closely together to deliver the service.

The Analysts perform tasks such as onboarding customer applications into Rapid7’s DAST solution (InsightAppSec), monitoring scans for issues/failures, and more. The Specialist team is responsible for validating vulnerabilities that are produced from the scans. Both teams work together to deliver findings to customers in a manner that is digestible, driving remediation and program success.

About the Role

The AppSec Analyst is responsible for configuring and running DAST scans on customer applications. They work with customers to ensure the in-scope applications are accessible, proper testing credentials are provisioned, and documentation is provided for any specific workflows or associated APIs. 

In this role, you will:

• Partner with MAS customers to collect and verify in-scope application information

• Onboard and configure customer applications in InsightAppSec

• Troubleshoot DAST scan failures/issues  

• Work with MAS customers to communicate any issues requiring their action/attention

• Regularly audit customer applications to verify accuracy and coverage

• Work closely with AppSec Specialists to gain a thorough understanding of all InsightAppSec findings

• Occasionally join check in calls with customers to review new findings and any scan issues

The skills you’ll bring include:

• Familiarity with common web application vulnerabilities (OWASP Top 10/CWE Top 25)

• Experience with using traffic proxying tools such as OWASP Zap and BurpSuite Pro

• Ability to explain web application security vulnerabilities to both technical and non-technical audiences 

• Proficiency with APIs and their associated documentation

• General understanding of the Software Development Life Cycle(SDLC)

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.
 

About Rapid7

At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what’s possible and drive extraordinary impact.

Here, we’re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 11,000+ global customers ahead of whatever’s next.

Join us and bring your unique experiences and perspectives to tackle some of the world’s biggest security challenges.

#LI-PB1