NOTE: WE ARE LOOKING ONLY FOR CANDIDATES WILLING TO JOIN US DIRECTLY AS W2 EMPLOYEES (NO 3RD PARTY CANDIDATES)
SOFTWARE QA SECURITY ANALYST
ASHBURN, VA
FULL TIME / CONTRACT TO HIRE
DUTIES & RESPONSIBILITIES
- Reviews requirements documents to assess impact to security and develop test cases/abuse cases
- Regularly reviews application design/implementation documentation for threat modeling, risk analysis and attack surface analysis and creates.
- Regularly reviews applications' source code/components for vulnerabilities and weaknesses, both via manual and automated means.
- Performs regular dynamic security testing of applications, primarily via manual testing augmented by automated security test tools.
- Performs regular dependency checks on the various components used by the developers to ensure no vulnerable components are used in the applications.
- Reports all risks/vulnerabilities and creates enhancement/bug tickets.
- Recommends potential fixes to vulnerabilities where applicable.
- Verifies all security enhancements/tickets to ensure that reported vulnerabilities have been successfully remediated.
- Regularly performs security assessments of on-prem and cloud-based deployments.
- Continuously researches threats and attack vectors that impact the company's applications.
- Stays updated with current offensive/defensive techniques and processes.
- Actively studies the tech stack used in the applications in order to be able to provide guidance on design, usage, implementation and deployment (from a security perspective).
- Performs other duties as may be requested/assigned within area of expertise.
- Proactively asks for tasks/assignments.
- Regularly attends project team meetings.
- Regularly provides status reports on progress of tasks.
JOB REQUIREMENTS
- Minimum Bachelor's degree in IT or Computer Science/Engineering or a related discipline, or the equivalent combination of education, professional training or work experience (6 years).
- The successful candidate must meet eligibility requirements to access sensitive information.
- Must have 2-3 years of recent experience in performing manual web application vulnerability assessments.
- Must have experience with SAST tools such as Fortify or other similar tools to review application source code.
- Must have experience with DAST tools such as Burp Suite, OWASP ZAP or similar tools.
- 2-3 yrs. programming experience in Java, C# and related tech stacks.
- Must be able to read/comprehend source code in order to identify/test potentially vulnerable implementations.
- Must be able to identify, document and exploit/defend security findings.
- Good knowledge of the OWASP Top 10, as well as the ability to provide guidance on fixes.
- Excellent analytical and problem-solving skills.
- Must have good communication skills.
PREFERRED QUALIFICATIONS
- Experience with participation in bug bounty programs.
- Industry certifications such as CEH, CSSLP, OSCP or SANS certifications.
- Experience with DevOps/DevSecOps models.
- Working experience with container technologies such as Docker/Kubernetes.
- Experience with cloud providers such as AWS and Azure.
- Certifications in cloud providers such as AWS and Azure.
- Experience testing REST APIs.
- Experience testing modern SPA applications.
- Experience in developing security exploits/POCs.
- Experience with DevOps tools such as Chef, Ansible, Serverspec.
- Experience in QA automation tools such as Selenium.
- Experience with Windows and Linux servers (configuration, scripting, hardening).
- Experience with QA testing methodology.