Назад
Company hidden
7 дней назад

Application Scanning Analyst

Формат работы
remote
Тип работы
fulltime
Английский
b2
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Application Scanning Analyst (Application Security): Perform authenticated and unauthenticated web application vulnerability scans and security assessments with an accent on DAST/SAST execution, API and middleware vulnerability analysis, and risk-based prioritization. Focus on validating scan findings, correlating application issues with infrastructure/network risks, and driving remediation guidance through DevSecOps/CI/CD integration.

Location: Remote

Company

hirify.global supports a program for the National Institutes of Health (NIH).

What you will do

  • Run authenticated and unauthenticated web application vulnerability scans for internally developed and commercial applications.
  • Conduct application security assessments and perform Dynamic Application Security Testing (DAST) while supporting Static Application Security Testing (SAST).
  • Assess APIs, web services, and middleware for security vulnerabilities and perform application configuration reviews.
  • Analyze scan results, validate findings to reduce false positives, and prioritize remediation using risk-based methods (including CVSS and exploitability).
  • Correlate application vulnerabilities with infrastructure and network risks; identify issues requiring immediate remediation and perform root cause analysis for recurring problems.
  • Collaborate with development teams to improve security across the SDLC and integrate security scanning into DevSecOps/CI/CD pipelines.

Requirements

  • Public Trust clearance or ability to obtain a Public Trust clearance
  • 5+ years of experience performing application security assessments or web application vulnerability scanning
  • Experience with authenticated and unauthenticated web application security testing
  • Experience supporting enterprise vulnerability management programs
  • Experience interpreting application security findings and producing remediation guidance
  • Experience supporting Federal cybersecurity or large enterprise environments

Nice to have

  • Preferred certifications: GWAPT, GWEB, CSSLP, OSWA, or CEH

Culture & Benefits

  • Fully remote role
  • Work supporting NIH application environments with secure-by-design expectations
  • Collaboration with software development teams to mitigate vulnerabilities and improve SDLC security

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →