Peyton Resource Group
http://www.prg-usa.com
Cyber Security Associate - 5919
Houston, Texas 77042 or Bartlesville, Oklahoma, US
Posted: 10/13/2022
2023-02-26
Job Number: 20511
Job Description
Cyber Security Analyst (Application)
The Cyber Security Analyst (Application Tester) will execute application testing against the applications and systems the organization uses or develops. This includes web applications and SOAP and REST API integrations running on either cloud or on-premises infrastructure. In this role, you will schedule and carry out application tests across an array of technology stacks, provide security testing support to enable DevSecOps, and advise on the risk level of vulnerabilities to help product teams prioritize corrective actions per the vulnerability management standards. During incident response, the Application Tester may also be asked to contribute to digital forensic evidence gathering and/or act as technical response lead. The Cyber Security Analyst is also responsible for following processes and procedures as defined by the Digital Security and IT leadership teams.
Responsibilities:
Perform application testing
Leverage and manage existing application testing tools to detect weaknesses or possible incidents, building on methodologies such as OWASP, PCI, NIST, etc.
Configure security testing platforms and tools
Manage procedures for application tests
Perform application testing on our internal and external facing applications
Perform threat modeling for existing applications
Perform proactive research to detect new attack vectors
Correctly balance security risk and product advancement
Train and coach new analysts
Develop, maintain, and socialize secure coding guidelines and best practices
Work with developers to assist in designing and architecting secure systems
Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production
Coach development teams on how to resolve and prevent vulnerabilities
Be a security subject matter expert and respond to any internal security engineering questions/requests
Required Qualifications:
Must be able to understand the diverse business requirements and be able to translate those requirements into applicable solutions
Ability to present and explain technical information to diverse audiences
Proficiency with penetration testing tools, suites, and platforms such as Metasploit and Burp Suite
Bachelor's degree in computer science, MIS, or equivalent technology discipline
3+ years' experience in cyber security
3+ years' experience in application penetration testing
2+ years of experience with DAST and SAST testing of web applications and web services
Experience with web applications, databases, operating systems, and public cloud providers
Experience in penetration testing large and complex applications
Development background using multiple development tools, techniques, and platform technologies
Experience in vulnerability assessment testing process and procedures
Knowledge of various identification and authentication schemes, Public Key Infrastructure, and Identity Management
Programming experience with focus on penetration testing or process automation
A thorough understanding of cyber security best practices and the ability to effectively apply those practices
Proven ability to quickly learn new processes and tools, business domains and technical applications
Ability to think technically and analytically
Ability to develop effective relationships and work well within a team
Must be a self-starter and detail-oriented
Must have a positive and energetic demeanor
Effective written and verbal communication skills
Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience.
Creative problem-solving skills
Preferred Qualifications:
Professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP
Knowledge of secure web application design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML, or OpenID, sensitive data protection, and SDLC integration (fuzzing, static and dynamic code analysis)
Experienced in the use of source code scanners and the ability to manually validate findings/eliminate false positives
Familiar with the use of various manual and dynamic application vulnerability testing suites
Ability to detect, define, exploit, and remediate OWASP Top 10 vulnerabilities without the use of a vulnerability scanner
Proficiency with scripting languages (e.g., Python, Bash, PowerShell)
Applied Threat Modeling methodologies
Experience with regulatory compliance, policy development, and policy enforcement
Experience with various compliance standards (NIST SP 800 series, PCI, SOX)