Application Scanning Analyst
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Application Scanning Analyst (Application Security): Perform authenticated and unauthenticated web application vulnerability scans and security assessments with an accent on DAST/SAST execution, API and middleware vulnerability analysis, and risk-based prioritization. Focus on validating scan findings, correlating application issues with infrastructure/network risks, and driving remediation guidance through DevSecOps/CI/CD integration.
Location: Remote
Company
supports a program for the National Institutes of Health (NIH).
What you will do
- Run authenticated and unauthenticated web application vulnerability scans for internally developed and commercial applications.
- Conduct application security assessments and perform Dynamic Application Security Testing (DAST) while supporting Static Application Security Testing (SAST).
- Assess APIs, web services, and middleware for security vulnerabilities and perform application configuration reviews.
- Analyze scan results, validate findings to reduce false positives, and prioritize remediation using risk-based methods (including CVSS and exploitability).
- Correlate application vulnerabilities with infrastructure and network risks; identify issues requiring immediate remediation and perform root cause analysis for recurring problems.
- Collaborate with development teams to improve security across the SDLC and integrate security scanning into DevSecOps/CI/CD pipelines.
Requirements
- Public Trust clearance or ability to obtain a Public Trust clearance
- 5+ years of experience performing application security assessments or web application vulnerability scanning
- Experience with authenticated and unauthenticated web application security testing
- Experience supporting enterprise vulnerability management programs
- Experience interpreting application security findings and producing remediation guidance
- Experience supporting Federal cybersecurity or large enterprise environments
Nice to have
- Preferred certifications: GWAPT, GWEB, CSSLP, OSWA, or CEH
Culture & Benefits
- Fully remote role
- Work supporting NIH application environments with secure-by-design expectations
- Collaboration with software development teams to mitigate vulnerabilities and improve SDLC security
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →