The Software Security Analyst will assist the Network Security Team Lead in developing a Software Security Testing program for both internally and externally developed systems. The Software Security Analyst will work with the in-house Applications development team and/or on project teams for new systems being introduced to the network environment.
Education and Experience:
Bachelor's Degree in Computer Science of a related discipline is preferred
Minimum 3 years in a Software Security position with a strong background in User Authentication.
Must have a strong knowledge of web application security best practices (C#, ASP.NET, VB.NET, Classic ASP)
Experience in Penetration Testing is a must.
Knowledge in Python and Python scripting.
SQL DB testing - Proficient in SQL injection and form validation.
Should also have a strong background in SQL querying.
High level of knowledge in Web services and Web Services API frameworks.
Linux experience as a Security tool is a plus (i.e. Kali, etc.)
Linux Python ASP.net OWASP SQL Active Directory Scripting Knowledge of the MITRE Framework.
• The primary role of this position will be to perform application security testing for applications developed both in house, or purchased from a vendor.
• Mobile platforms (iPhone, Android, QNX) and mobile software development
• Hands on experience with system attack and penetration testing tools, such as metasploit and others
• Experience developing in QNX and other embedded operating systems
• Experience in developing personal and enterprise security products
• Develop a DEVOPs program to ensure a Development Lifecycle is followed using OWASP and other industry standards.
• Understanding of enterprise platforms (JavaEE, .NET), Cloud Computing, Web Services principles and Service Oriented Architecture (SOAs) and frameworks such as Spring.
• Ensure that best practices are used in the development and implementation of new system software.
• Assist with malware and other malicious code analysis.
• Contribute to the development of a Penetration Testing strategy including Web services testing, wireless testing, and application pen testing.
• Assist with analysis and assessment of security risks.
• Experience with malware analysis tools and techniques
• Ensure protection of all classified data (HIPAA, PII, PHI, and CJIS).
500 Griswold, 13th Floor Detroit, MI, 48226Contact