Threat & Vulnerability Web and ASM (Attack Surface Management) Analyst

Desired Skills:

• 5+ years of experience in Web Security, Operations, Engineering or Systems Management.
• Hands-on expertise working with enterprise network architectures, operating systems, system administration or as a security engineer.
• Knowledge of web application security and system hardening best practices; including but not limited to web frameworks, open source technologies and software development life cycle (SDLC) processes.
• Experience working with scripting languages like Python to ingest and process data.
• Strong understanding of web application security threats, vulnerabilities, countermeasures including the use of Defensive Headers and Transport Layer Security (TLS).
• Strong understanding of domain name services (DNS), including threats related to the misconfiguration of DNS records.
• Experience analyzing vulnerability findings from IT and security tools.
• An understanding of information security standards and best practices such as OWASP, NIST, CVE, CPE and CVSS.
• Ability to interpret complex data sets to make informed risk-based decisions.
• Can effectively manage complex tasks, projects, and initiatives.
• Strong written and verbal communication skills.

We'd love to see:

• Experience with reputational scoring services such as Bitsight, Security Scorecard or Panorays.
• Experience using attack surface management (ASM) and attack surface discovery (ASD) solutions.
• Experience using web application testing tools and commercial scanners (e.g; Burp Suite, Edgescan, InsightAppsec).
• Experience using Application Programming Interfaces.
• Understanding of virtualization and public cloud tech stacks.
• Ability to learn and implement technologies quickly.
• A bachelor's degree in Computer Science, Engineering, or other related fields.
• One of more Information Security oriented professional certifications.