Senior Information Security Analyst

Active Directory, CISSP, DNS, Directory Services, Firewall, Fortify, Hosting, IBM Security AppScan, Communication skills, Infrastructure, Information security, Java, Manual testing, Mobile applications, Network design, Networking, OWASP, Penetration testing, PKI, Python, Routing, Scripting, Software security, Security analysis, Security, Web services, Web applications, WebInspect, Web application security
Full Time
Depends on Experience
Work from home available

Job Description

Amarx Search, Inc.    

Direct Placement position in Goodlettsville, TN
Position ID: 2202

An excellent position with one of the largest US retailers

* Senior Information Security Analyst *

Please apply ONLY if you have 5+ years of relevant security test experience

Visa sponsorship is not available for this position

We can ONLY consider your application if you have:

1: 5+ Years Combined Experience in 2 or More of the Following: Web Application Security Testing, Mobile Application Security Testing, API Security Testing, Network Penetration Testing, Source Code Security Analysis
2: Strong, Hands-on Experience with Security Testing Tools such as: DAST (e.g. Fortify WebInspect, Fortify WebInspect Enterprise, IBM AppScan), SAST (e.g. Fortify SCA, Checkmarx CxSAST), Development Collaboration Platforms (e.g. Fortify SSC, Gitlab, Jira), Web Proxy Tools (e.g. BurpSuite Professional / BurpSuite Enterprise, OWASP ZAP), Open-Source Testing Tools (e.g. Nmap, OpenSSL, Metasploit, SQLMap)
3: Understanding of Network/Server Technologies such as: Firewalls (Network, Host, and Web Application), Cloud Hosting, Containerization, DNS, Routing, and other Common Networking Principles, Directory Services / Active Directory, Web Server Platforms (IIS / Tomcat), API / Web Services, PKI / Web Certificates
4: Familiarity with Compiled/Scripting Languages (e.g. C#, JavaScript, Python, Java, Swift, Kotlin)
5: Strong, effective written and oral communication skills
6: Ability to clearly communicate pragmatic security risk and remediation recommendations to technical (e.g. developers) and non-technical audiences

We are looking for an outstanding hands-on application security professional to join an application security team. The ideal candidate must have extensive experience in application security testing.

DESIRED (not required) SKILLS:
:: Software development background
:: Active certification (e.g. OSCP, OSWE, CSSLP, CISSP)

Duties and Responsibilities
== Conduct security testing of web/mobile applications and web services/APIs, including source code security analysis (SAST) and dynamic (DAST) testing, using a combination of commercial tools, open-source tools, and manual testing methods
== Perform security reviews of network infrastructure and endpoints hosted within the internal network as well as SaaS environments
== Adhere to best practice frameworks (e.g. OWASP)
== Use threat modeling tools to explore potential application, network, and infrastructure security-related threats
== Deliver timely and accurate security testing results to both technical and non-technical audiences
== Track and follow-up on remediation of identified security risks
== Act as liaison between application security teams, development teams, business units and vendors
== Provide subject matter expertise in security best practices and standards to ensure compliance with company security standards
== Work closely with business units to determine work estimates and scope
== Propose and implement ideas to enhance and automate security-related processes
== Stay current on emerging technologies, products, and trends related to security solutions and testing techniques

Please send resume as a Microsoft Word attachment to

Amarx Search, Inc.    

Dice Id : amarx
Position Id : 2202
Originally Posted : 4 months ago