Job Title: Information Risk Analyst
Job Length: One Year Contract
Job Summary:
Provide support and expertise in relation to the execution of application security assessments within an established team. Test for, identify, and document application vulnerabilities in line with established corporate and industry standards. Serve as the SME to the department and enterprise by providing accurate, comprehensive testing and results, thorough analysis, and remediation guidance for assigned initiatives.
This includes:
· Plan for and execute manual and automated penetration testing against applications in scope.
· Validate and document vulnerabilities produced by test execution.
· Provide clear technical detail, proof of concept, business impacts, and potential remediation strategies in relation to discovered findings.
· Translate and present findings to non-technical business staff where required.
· Work with application teams and owners to identify and implement remediation strategies and improve application development processes.
· Consult as required with management, developers, and other relevant personnel to identify and help implement improvements to application development and security.
· Provide technical expertise and support to clients and all IT staff in the creation and implementation of appropriate application security controls.
Job Responsibilities And Requirements:
· Proficient in application security testing; familiarity with testing methodologies and test execution, the identification and understanding of risk analysis, application vulnerabilities, counter-measures, and remediation strategies.
· Functional understanding and experience with automated application vulnerability scanners and desktop tools used for application security testing.
· Thorough understanding of application architecture, related components, platforms and languages: Java, ASP and ASP.NET, HTML, TCP/IP, JavaScript, SQL, SOAP, XML, Web Services, etc.
· Functional understanding of WAFs and other security appliance technologies.
· Thorough understanding of application security standards and best practices; familiarity with industry-leading organizations such as OWASP, SANS, etc.
· Experience with role-based authorization, authentication technologies, and security administration systems in an enterprise class environment.
· Thorough understanding of various application development methodologies and the secure software development lifecycle.
· Ability to understand business requirements and risks and relate them to technology implementation for application security-related issues.
· Strong analytical and organizational skills and ability to handle multiple priorities.
· Excellent communication and documentation skills. Integrity and confidentiality are critical to the role.
Experience:
· Bachelor's degree preferred.
· A minimum of 3 years active experience in Information Security or Security Engineering roles.
· Experience in application development or application systems engineering.
· Security certification preferred, e.g. CISSP, SANS.
FOR IMMEDIATE CONSIDERATION, CONTACT:
A.J. Ferullo
Talent Management Director
MSK Placement Associates, LLC
263 Summer Street
Boston, MA 02210
617-737-6218
aj_ferullo@mskplacement.com












