Contract - Security System Testing Analyst

Job ID 2735

**6 month contract with a potential to move into a Full Time role**


The Contract Security System Testing Analyst will be responsible for maintaining a fully mature enterprise-wide IT Application and System Security Testing program. This role is challenged with the responsibility of identifying and safeguarding applications, systems, and emerging technologies while applying information security best practices. In addition, this role will be responsible for enhancing a robust cyber security Software Development Lifecycle (SDLC). This position will also have operational responsibility in the disciplines of: vulnerability management; incident response; malware analysis; audit and compliance schedules; applying security best practices to large database and high-transaction software systems in the Telecommunications space; and advancing the program development of key risk and performance indicators with documented metrics.

Some essential functions of the role include, but are not limited to the following:

  • Work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics
  • Maintain documented procedures and follow industry best practices for conducting application, system, and malware testing
  • Contribute to helping others learn industry security tradecraft
  • Perform application and system vulnerability assessments across the enterprise
  • Monitor overall IT Security Operations effectiveness
  • Assist with incident response and potential breach activities, on a 24x7 schedule, if necessary
  • Perform code reviews across a variety of programming languages and business units
  • Perform assessments of System Development Life Cycle (SDLC) processes
  • Develop test scripts and procedures to support the program’s tactical and strategic initiatives
  • Other security-related projects that may be assigned according to skills

Required Qualifications:

Candidates for this role must have direct experience with the following:

  • Minimum of 2+ years work experience in application security
  • Minimum education requirement of B.S. degree in Computer Science or equivalent work experience
  • Strong ethics and understanding of ethics in business and information security
  • Experience performing code reviews
  • Experience in or strong understanding of software development / writing code
  • Experience remediating vulnerabilities with business partners
  • Knowledge of OWASP tools and methodologies
  • Understanding of Java, C# and other web programming languages 
  • Understanding of scripting languages such as: Python, Go, AngularJS
  • Knowledge of secure system configurations for both Windows and Linux platforms 
  • Knowledge of how to secure and configure Webserver Technologies such as Apache, IIS, Tomcat etc. 
  • Ability to complete tasks and deliver professionally written and oral reports to clients at all levels of the organization
  • Possess current security certifications (e.g., CSSLP, CASS, OSWE)
  • Participate and contribute to enterprise security breach response activities; 24x7 schedule, if necessary
  • Collaborate with both internal and external partners to develop and update Security Operations standards, procedures, guidelines, and best practices
  • Develop and report key information, metrics, and security performance, and drive enterprise processes
  • Excellent communication, collaboration, and strong project management skills 
  • The ability to obtain a government clearance

Additional Skills:

  • Experience working with malware and applying reverse engineering techniques
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, Burp Suite Pro, amongst others)
  • Experience with creating scripts (e.g., PowerShell, Perl, Python, Go)
  • Experience with application and system analysis tools (e.g., HP Fortify, Checkmarx, BlackDuck)
  • Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB)) 
  • Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
  • Understanding of container and automation technologies such as Jenkins, Puppet, Chef, Docker, Kubernetes etc.