Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Software QA Security Analyst

L

Loginsoft Consulting LLC

Software QA Security Analyst

Ashburn, VA
Full Time
Paid
Similar Jobs
  • Responsibilities

    NOTE: WE ARE LOOKING ONLY FOR CANDIDATES WILLING TO JOIN US DIRECTLY AS W2 EMPLOYEES (NO 3RD PARTY CANDIDATES)

    SOFTWARE QA SECURITY ANALYST

    ASHBURN, VA

    FULL TIME / CONTRACT TO HIRE

    DUTIES & RESPONSIBILITIES

    • Reviews requirements documents to assess impact to security and develop test cases/abuse cases
    • Regularly reviews application design/implementation documentation for threat modeling, risk analysis and attack surface analysis and creates.
    • Regularly reviews applications source code/components for vulnerabilities and weakness both via manual and automated means.
    • Performs regular dynamic security testing of applications primarily manual testing but augmented by automated security test tools.
    • Performs regular dependency checks on the various components used by the developers to ensure no vulnerable component are used in the applications.
    • Reports all risks/vulnerabilities and create enhancements/bug tickets. Recommends potential fixes to vulnerabilities where applicable.
    • Verifies all security enhancements/tickets to ensure that reported vulnerabilities have been successfully remediated.
    • Regularly performs security assessments of on-prem and cloud based deployments.
    • Continuously research threats and attack vectors that impact the company's applications. Stays updated with current offensive/defensive techniques and processes.
    • Actively study tech stack used in the applications in other to be able to provide guidance on design, usage, implementation and deployment (from security perspective).
    • Performs other duties as may be requested/assigned within area of expertise.
    • Proactively asks for tasks/assignments.
    • Regularly attend project team meetings. 
    • Regularly provides status reports on progress of tasks.

    JOB REQUIREMENTS

    • Minimum Bachelor degree in IT or Computer Science/Engineering or related discipline, or the equivalent combination of education, professional training or work experience (6 years).
    • The successful candidate must meet eligibility requirements to access sensitive information. Must have 2-3yrs recent experience in performing manual web application vulnerability assessments.
    • Must have experience with SAST tools such as Fortify or other similar tools to review application source code.
    • Must have experience with DAST tools such as Burp suite, Owasp Zap or similar tools.
    • 2-3 yrs. programming experience in Java, C# and related tech stacks.
    • Must be able to read/comprehend source code in order to identify/test potentially vulnerable implementations.
    • Must be able to identify, document and exploit/defend security findings.
    • Good knowledge Owasp top 10 as well as be able to provide guidance on fixes.
    • Excellent analytical and problem solving skills.
    • Must have good communications skills.

    PREFERRED QUALIFICATIONS:

    • Experience with participation in bug bounty programs. Industry certifications such as CEH, CSSLP, OSCP or SANS certifications.
    • Experience with DevOPs/DevSecOPs models. Working experience with container technologies such as Docker/Kubernetes.
    • Experience with cloud providers such as Aws and Azure.
    • Certifications in cloud providers such as Aws and Azure .
    • Experience testing rest APIs.
    • Experience testing modern SPA applications.
    • Experience in developing security exploits/POCs.
    • Experience in DevOps tools such as Chef, Ansible, Server Spec.
    • Experience in QA automation tools such as Selenium.
    • Experience with Windows and Linux servers (configuration, scripting, hardening).
    • Experience with QA testing methodology.