Application Penetration Test Analyst

PWW Recruiting, LLC.

Dallas, TX
Full Time
Paid
    Responsibilities

    The Application Penetration Test Analyst is responsible for the security testing and risk analysis of DTCC's software applications using various application security tools. Responsibilities include interacting with DTCC software developers to provide guidance, best practices and technical assistance in remediating software application security issues. The individual should possess strong application software expertise, along with excellent communication and organizational skills.

    Qualifications

    Must have

    • Minimum of 5 years of software application penetration testing experience
    • Expert in using Web Penetration Testing tools such as Burp Suite and WebInspect
    • CEH - Certified Ethical Hacker Certification
    • CISSP – Certified Information Systems Security Professional
    • Bachelor's degree
    • Experience in Static & Dynamic Code Analysis, OSS Reviews

    Good to have

    • Knowledge of Web Application Firewalls, Runtime Application Self-Protection (RASP) and Reverse Proxies
    • Knowledge of public/hybrid clouds & cloud technologies utilizing Amazon Web Services (AWS) and applying that to application security tools/functions
    • Ability to explain vulnerabilities and weaknesses in OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques
    • Knowledge of Web Programming languages and Python development environments
    • Knowledge of standard application development/management tools such as Jenkins, Git, Puppet, Chef, or Docker
    • Scripting skills in Python or PowerShell are highly desirable
    • A SANS, CISSP, OSCP, AWS Solutions, or Architect certification is preferred

    Duties

    • Perform Software Application Penetration Testing.
    • Prepare a vulnerability report that details findings, vulnerabilities, and test procedure.
    • Explain application risks that have been identified during the pen test to the software developers.
    • Improve and maintain secure development standards and manage application security framework improvement projects
    • Integrate security tools, standards and processes into the Software Development Life Cycle (SDLC) for both on-premises & cloud deployed applications
    • Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
    • Build a very close working relationship with DevSecOps and application development teams
    • Improve application security tool stack including static analysis, runtime testing tools, RASP, integrating the tools in CI-CD and Reporting
    • Work with our Threat Risk Management team and Development teams to develop application security requirements, security guidance, security architecture and technology solutions to address the existing and emerging application security issues for both on-prem and cloud deployed apps (agile and waterfall)