Software QA Security Analyst

Manual web application vulnerability assessments, SAST, DAST, Fortify, Burp Suite, OWASP ZAP, Java, C#, Exploit/defend security findings.
Full Time, Full-time
Negotiable
Work from home not available; travel not required

Job Description

Excellent opportunity with one of our clients, located in Ashburn, VA. The requirement details follow:


Position: Software QA Security Analyst
Location: Ashburn, VA
Duration: Full-time/ Contract to Hire


Duties & Responsibilities:
Reviews requirements documents to assess impact on security and develops test cases/abuse cases.
Regularly reviews application design/implementation documentation for threat modeling, risk analysis and attack surface analysis and creates.
Regularly reviews application source code/components for vulnerabilities and weaknesses, by both manual and automated means.
Performs regular dynamic security testing of applications, primarily manual testing but augmented by automated security test tools.
Performs regular dependency checks on the various components used by the developers to ensure no vulnerable components are used in the applications.
Reports all risks/vulnerabilities and creates enhancement/bug tickets.
Recommends potential fixes to vulnerabilities where applicable.
Verifies all security enhancements/tickets to ensure that reported vulnerabilities have been successfully remediated.
Regularly performs security assessments of on-prem and cloud-based deployments.
Continuously researches threats and attack vectors that impact the company’s applications.
Stays updated with current offensive/defensive techniques and processes.
Actively studies the tech stack used in the applications in order to be able to provide guidance on design, usage, implementation and deployment (from a security perspective).
Performs other duties as may be requested/assigned within area of expertise.
Proactively asks for tasks/assignments.
Regularly attends project team meetings.
Regularly provides status reports on progress of tasks.


Job Requirements:
Minimum of a Bachelor's degree in IT or Computer Science/Engineering or a related discipline, or the equivalent combination of education, professional training or work experience (6 years).
Must have 2-3 years of recent experience in performing manual web application vulnerability assessments.
Must have experience with SAST tools such as Fortify or other similar tools to review application source code.
Must have experience with DAST tools such as Burp Suite, OWASP ZAP or similar tools.
2-3 years of programming experience in Java, C# and related tech stacks. Must be able to read/comprehend source code in order to identify/test potentially vulnerable implementations.
Must be able to identify, document and exploit/defend security findings.
Good knowledge of the OWASP Top 10, as well as the ability to provide guidance on fixes.
Excellent analytical and problem-solving skills.
Must have good communication skills.


Preferred Qualifications:
Experience with participation in bug bounty programs.
Industry certifications such as CEH, CSSLP, OSCP or SANS certifications.
Experience with DevOps/DevSecOps models.
Working experience with container technologies such as Docker/Kubernetes.
Experience with cloud providers such as AWS and Azure.
Certifications in cloud providers such as AWS and Azure.
Experience testing REST APIs.
Experience testing modern SPA applications.
Experience in developing security exploits/POCs.
Experience in DevOps tools such as Chef, Ansible, Serverspec.
Experience in QA automation tools such as Selenium.
Experience with Windows and Linux servers (configuration, scripting, hardening).
Experience with QA testing methodology.

 

Posted By:
Loginsoft Consulting LLC
Chantilly, VA
Email: jobs@loginsoft.com
Phone: 703-956-7520/7521

 

 

Dice Id : 10118406
Position Id : LSCTS00887