The position of the Enterprise Security Expert / Web Application Security Analyst is organizationally placed in the Information Security Unit. In this capacity, the Analyst will be primarily responsible for performing information security assessments of web-based applications, code reviews and web application security consulting.
Specific responsibilities:
* Perform web application threat modeling, vulnerability assessments, code reviews, and develop mitigation strategies.
* Formulate assessment reports outlining findings and specific actionable recommendations.
* Formulate assessment reports outlining identified information security vulnerabilities, potential impact; provide and prioritize actionable recommendations, and estimate remediation effort levels.
* Develop testing procedures and scripts.
* Contribute to the ongoing enhancement of the Organization’s web application vulnerability assessment capabilities through the development and implementation of improved methodology, processes, and tools.
* Liaise with internal ICT groups and other constituencies, including counterparts in partner organizations and third-party security service providers, on issues relating to web application security.
* Mentor team members on web application assessment methodologies and techniques.
Qualifications:
* Advanced university degree (Master’s degree or equivalent), preferably in Computer Engineering, Information Systems or Electrical Engineering, is highly desirable. A first-level university degree with a relevant combination of academic qualifications and experience in networking may be accepted in lieu of the advanced university degree.
* 4-6 years of progressively responsible experience in information security, web application vulnerability assessments and penetration testing is required.
* Experience with TCP/IP networking (LAN, MAN, WAN) systems.
* Knowledge of network security, current information security threats and incident management concepts and practices.
* Development and/or vulnerability testing experience with web frameworks and programming including HTML, JSON and Ajax, .NET, ASP, PHP, WordPress, and Drupal.
* Experience with scripting languages such as bash, Perl, Python, PowerShell.
* Experience with vulnerability scanners and penetration testing, as well as with web application testing tools such as Burp, OWASP ZAP, Nessus, Nmap, NeXpose, Metasploit, Wireshark, IBM Rational AppScan.
* Excellent written and oral communication skills.
* Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
* Knowledge of SDLC practices and common security requirements within .NET and Drupal applications and similar frameworks.
* Excellent technical skills.
* Excellent analytical skills.
* Excellent interpersonal and communication (verbal and written) skills in English.
* Ability to work in a multi-cultural environment.
* Ability to work in an organized and logical manner.
* Ability to work well under pressure.