Application Vulnerability Management Analyst - Georgia IT Inc.
Washington DC, DC
About the Job
I had a chance to review your profile.
I wanted to check in with you if you are available or perhaps do some networking for referrals.
Here is the rundown on the Position:
If interested please send your current resume with contact details to discuss further:
Subject: Application Vulnerability Management Analyst
We have a new position we are trying to fill, an Application Vulnerability Management Analyst. Please let me know if you have any candidates. They are looking for someone who has a strong background with AppScan and Guardium, strong vulnerability scanning experience and one or more certifications. They will be required to conduct a face-to-face interview after a phone interview.
Position: Application Vulnerability Management Analyst
Location: Washington, DC (metro accessible)
Duration: Multi year contract
APPLICATION VULNERABILITY MANAGEMENT ANALYST
Roles and Responsibilities:
o Manage, modify and tweak the Application and database security scan profile as per the company's baseline standards.
o Perform security analysis of the different layers of the systems (application database layers) by performing manual testing and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners (IBM AppScan, and Guardium Database Scanner).
o Perform application security testing on both native and web based mobile applications on different mobile platforms (iOS and Android).
o Review the security architecture of Company systems and create security test plans based on existing and planned controls and recommendations.
o Review scanner reports and work with the application development community to remediate issues following a risk based approach.
o Work with DBA and application development teams to discuss vulnerabilities, recommending and monitoring remediation activities.
o Maintain detailed documentation of test procedures and findings in the Vulnerability management system.
o Perform manual vulnerability assessment and penetration testing of applications, produce a report, and walk the development team through issues.
o Continuously monitor the published vulnerabilities for various application, operating system and database layer. Analyze the impact of the vulnerabilities on the Company's environment and accordingly publish the advisories to the different stakeholders in the Company.
o Based on the publicly disclosed vulnerabilities determine the patching priority and notify the stakeholders. Review the applied patch by scanning the disclosed vulnerabilities.
Selection Criteria:
o Academic/professional training to at least a Bachelor's degree or its international equivalent, preferably in Computer Science or Computer Engineering (Mandatory);
o At least 5 years of practice as an Information Security Engineer (Mandatory);
o At least 3 years of hands-on testing of application security (Mandatory);
o Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), and Information Systems Security Management Professional (ISSMP) (Mandatory)
o Demonstrated knowledge of running application testing tools (IBM AppScan Enterprise and Source, Guardium Database scanner, Burp Security Proxy or equivalent), identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and helping develop platform specific remediation plan (Mandatory);
o Proven level of understanding of web application technologies (Java, .NET) and database management systems (Oracle, MS SQL) and related security concepts (Mandatory);
o In-depth knowledge of common website vulnerabilities such as SQL injection, cross-site scripting, remote/local file inclusion, etc.; in-depth knowledge of common website exploit techniques such as character encoding, privilege escalation, directory traversal, etc. (Mandatory);
o Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility (Mandatory);
o Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results (Mandatory);
o Demonstrate excellent interpersonal skills; including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers (Mandatory);
o Ability to collaborate with business stakeholders to identify requirements and drive compliance with approved standards (Mandatory).
o Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively, and work effectively across boundaries even without active guidance from the management;
o Excellent communication skills, both written and verbal, including the capacity to communicate complex and technical issues in simple terms; analytical skills required.
o High ethical standard
Anita A
Senior Recruiter– IT Services.
5490 McGinnis village place
Suite 203, Alpharetta, GA 30005
Tel : (470) 798-5000 x 1235 Direct
Cell 908 838 2530
anita@georgiait.com
www.georgiait.com
Source : Georgia IT Inc.