Application Security Specialist
Chicago, IL, United States
One of our clients, a global pharmaceutical company, is looking for an enthusiastic Senior Application Security Specialist.
This is a permanent FT position with competitive compensation and a great benefits package. Location is the North Chicago, IL area.
Hybrid Commute (3 days on-site, 2 days remote)
** Must be authorized to work in the US for ANY EMPLOYER.
No H1 Visa support for this position.
To be considered immediately please send your resume to [email protected]
Senior Application Security Specialist
The ideal candidate must have prior experience conducting manual web and mobile application security penetration tests within an enterprise environment and working with application stakeholders to discuss vulnerabilities and remediation options.
Role
Maintaining awareness of the latest critical information security vulnerabilities, threats, and exploits
Providing guidance on existing and emerging threats in the web and mobile application space.
Performing application security reviews throughout the application development lifecycle, including tasks such as:
Performing security assessments for web and mobile applications across the enterprise
Dynamic (DAST) application security testing and/or penetration testing of applications and source code
Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
Retesting remediation to confirm the efficacy of fixes
Reviewing deliverables from third-party service providers and other Application Security Analysts to ensure completeness and accuracy
Communicating technical application security concepts to customers, including developers, architects, and managers
Identifying and developing secure software development best practices
Identifying enhancements to tools, standards, and processes; providing input into policies and procedures, and contributing to the implementation and refinement of the strategy for the Application Risk program on a global basis
Requirements:
Tools and skills you will use in this role:
Web and mobile application penetration testing tools
Security information and event management (SIEM) tools (Chronicle, Splunk, ELK, etc.)
Attack surface management solutions (Falcon, Tenable, Shodan, Censys, etc.)
Required:
Minimum of 8 years' Information Security experience or equivalent experience in Information Risk Management.
Advanced knowledge of web application vulnerabilities and web application business logic flaws and threats
Advanced understanding of application architectures and technologies, including web applications, mobile technology, data encryption, and identity and access management
Advanced, hands-on experience with manual vulnerability testing and static code analysis
Advanced experience with tools including, but not limited to, the Kali Linux platform and its built-in tools, Burp Suite, and OWASP ZAP. Burp or ZAP expertise must focus on manual testing rather than automated scanning.
Advanced understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
Written and verbal communication skills are critical
Communicating concepts to diverse audiences with varying skill sets is vital
Beneficial:
Certifications such as OSCP, OSWE, or ECSA
Please email your resume or use this link to apply directly:
https://brainsworkgroup.catsone.com/careers/index.php?m=portal&a=details&jobOrderID=16414159
Or email: [email protected]