Security Specialist

Type: Contract | Location: Cincinnati, Ohio
Must Have
• Black Duck
• Bug Bounty
• BurpSuite
• CheckMarx
• CI/CD
• Experience with Secure Development Processes (SecDev: SAST/DAST/EVM)
• Jenkins
• OWASP Top 10
• Pentest
• WebApp

JOB DESCRIPTION
The Application Security Analyst will be focused on securing the enterprise by conducting application penetration testing on the application portfolio, and by partnering with the Application Development organization to remediate vulnerability findings. Additionally, this role will directly support the Vulnerability disclosure and Bug bounty program and participate in a variety of projects as part of the ongoing operations of the Information Security department.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Perform Penetration testing for Web and Mobile applications, and APIs.
• Support Vulnerability disclosure and Bug bounty program.
• Perform dynamic application security testing using both manual and automated testing tools.
• Identify and validate false positives from automated testing tool reports as part of SDLC for SAST, SCA, DAST, and container images.
• Participate in conducting security research on threats and remediation techniques.
• Define security requirements and make recommendations to the IS/IT teams as part of governance during significant changes to applications and architecture.
• Support the Bank's operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the Information Security department's operations.
• Maintain awareness of the latest and common security threats.
• Work with stakeholders at all levels of the organization.

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
• 5+ years of information security applications and systems experience.
• 4+ years of experience with manual information security penetration testing tools, topics, and techniques.
• 1+ years of mobile (Android/iOS) penetration testing experience.
• Must be well versed with OWASP Top 10 vulnerabilities.
• Certifications such as GIAC (GWAPT, GPEN, GCPN), Offensive Security Certified Professional (OSCP) and AWS are preferred.
• Skill in oral and written communication, including presentations to senior management, various levels of business and IT sponsors, and technical resources.
• Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go.
• Scripting/programming skills: Java, Python, PowerShell, GoLang, Perl, JavaScript, .NET.
• Knowledge in mitigating and addressing threat vectors including APT, DDoS, Phishing, Malicious Payload, Cloud, Mobile Device, Web Application.
• Ability to handle multiple competing priorities in a fast-paced environment.
 
