IT Security and Technical Application Assessment Analyst
Pakistan
- Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
- Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
- Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
- Develops and implements manual and automated web application security testing of e-commerce web applications to enforce security standards.
- Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations.
Minimum qualifications:
- A bachelor's degree in an IT related field or equivalent work experience
- Certifications: Web security engineer certification, CEH, Secure code assessment or security related certifications preferred
- The ideal candidate has experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript.
- The candidate should have familiarity with a variety of development and testing tools, including: Eclipse, GIT, GCC, JIRA, Subversion, Maven, Clear Quest/Case, Silk, Find Bugs, HP/Fortify SCA, IBM AppScan, and HP Web Inspect. Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 and discuss effective defensive techniques.
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
- Hands-on experience with testing frameworks such as the PTES and OWASP
- Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
- Critical thinker and problem solver
- Excellent organizational and time management skills
- In-depth knowledge of Information Technology field and computer systems.
- Highly refined communication skills including ability to negotiate, build consensus, clearly articulate to technical and non-technical audiences, communicate difficult messages in a professional and productive manner, excellent presentation and facilitation competency and ability to represent organization as a leader in cross-functional discussions/initiatives
- Familiarity with industry standards and regulations including PCI, ISO27001 is preferred.
Minimum experience:
- 3-7 years of direct experience in global or enterprise-level Vulnerability Assessment and Penetration Testing.
Tags: Application security AWS Azure C CEH Cloud E-commerce GCP ISO 27001 Java JavaScript Jira Linux Maven OWASP Pentesting Perl PowerShell Python Ruby Scala Scripting UNIX VMware Vulnerabilities Windows