Senior Application Security Specialist
The ideal candidate must have prior experience conducting manual web and mobile application security penetration tests within an enterprise environment and working with application stakeholders to discuss vulnerabilities and remediation options. 
Role

• Maintaining awareness of the latest critical information security vulnerabilities, threats, and exploits
• Providing guidance on existing and emerging threats in the web and mobile application space.
• Performing application security reviews throughout the application development lifecycle, including tasks such as:
  • Performing security assessments for web and mobile applications across the enterprise
  • Dynamic (DAST) application security testing and/or penetration testing of applications and source code
  • Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
  • Retesting remediation to confirm the efficacy of fixes
• Reviewing deliverables from third-party service providers and other Application Security Analysts to ensure completeness and accuracy
• Communicating technical application security concepts to customers, including developers, architects, and managers
• Identifying and developing secure software development best practices
• Identifying enhancements to tools, standards, and processes; providing input into policies and procedures, and contributing to the implementation and refinement of the strategy for the Application Risk program on a global basis

Requirements:
Tools and skills you will use in this role:

• Web and mobile application penetration testing tools
• Security information and event management (SIEM) tools (Chronicle, Splunk, ELK, etc.)
• Attack surface management solutions (Falcon, Tenable, Shodan, Censys, etc.)

• Minimum of 8 year's Information Security experience or equivalent experience in Information Risk Management.
• Advanced knowledge of web application vulnerabilities and web application business logic flaws and threats
• Advanced understanding of application architectures and technologies, including web applications, mobile technology, data encryption, and identity and access management
• Advanced, hands-on experience with manual vulnerability testing and static code analysis
• Advanced experience with tools including, but not limited to, Kali Linux platform and built-in tools, Burp Suite, and OWASP ZAP. Burp or Zap expertise must focus on manual testing rather than automated scanning.
• Advanced understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
• Written and verbal communication skills are critical
• Communicating concepts to diverse audiences with varying skill sets is vital

• Certifications such as OSCP, OSWE, or ECSA

Please email your resume or use this link to apply directly:

https://brainsworkgroup.catsone.com/careers/index.php?m=portal&a=details&jobOrderID=16414159
Or email: igork@brainsworkgroup.com
Check ALL our Jobs: http://brainsworkgroup.catsone.com/careers

keywords: security cybersecurity risk web Kali linux owasp zap sans nist cve authentication authorization access control cryptography