Job Details

Home

Application Security Tester at Remote, Remote, USA

From:

Prabhat,

VYZEINC

[email protected]

Reply to:   [email protected]

Job Description -Application Security Tester Must have Heavy Application Security Testing with Veracode & Checkmark exp and AppScan scanning experience.  Specifically needs someone who actually runs the scans, vet the results, etc. the person needs to have previous Veracode and AppScan scanning experience. Security Clearance is a huge plus but doesnt want to emphasize that.Application Security Tester
Location Must be local to Dallas or Atlanta but will be a remote role on contract. They want to do contract-to-hire so location is important!Duration 1+ year contract***This is a remote role unless they convert which wouldnt be for a while. I wouldnt focus on conversion right now.This position is a Lead Cyber Security to perform Application Security Testing in Cyber Security Organization. This profile will be passionate in preventing risk by identifying vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, Identify and document findings, approve false positives and define/document approved mitigations used by AppSec Testers and also provide complex problem resolution support to AppSec TestersExperience Level: 12+ yearsLocation: Dallas, TX or Atlanta, GARoles and Responsibilities:
Perform SAST/SCA/DAST scans using industry vulnerability scanner
SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs.   Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.
During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities
Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users
Perform manual validation and false-positive analysis on the automated scan results.
Provide remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
Execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.
Author complex application testing and remediation/mitigation recommendations
Technical leadership of group of testers.
Works in collaboration with India based Technical SMEs to define scan tool configuration used by AppSec Testers, continuously monitors industry trends and threat developments to modify scan configuration to ensure testing processes evolve ahead of threat actors.Primary / Mandatory skills:Overall 12+ years of IT experience
9+ years of application security Experience
7+ years of Application Security testing Experience
Bachelor's degree required.
Deep familiarity with the OWASP Top 10 and other security concerns for web applications
Deep Understanding of OWASP Application Security Verification Standards (ASVS)
Deep understanding of SAST, DAST, SCA Scanning practices
Experience in configuring and scanning leveraging Veracode, Appscan or other enterprise tools.
Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools
Understanding of SAST, DAST tools and dependency scanning tools
Experience working/integrating with secret management systems
Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.)
Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications
Strong documentation skills
Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required)
Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team
Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas  Technical Skills: SAST, DAST, SCA, expertise in identifying vulnerabilities and Recommending Mitigations.Additional information (if any): Flexible to provide coverage in India evening hours upon need.Certification: CSSLP, CISSP or equivalent

Keywords: javascript information technology Texas
Application Security Tester
[email protected]

[email protected]
View All

03:33 AM 17-Jan-25

To remove this job post send "job_kill 2089087" as subject from [email protected] to [email protected]. Do not write anything extra in the subject line as this is a automatic system which will not work otherwise.

Your reply to [email protected] -

To

Subject
Message -

pupadhyay@vyzeinc.com wrote:
From:

Prabhat,

VYZEINC

pupadhyay@vyzeinc.com

Reply to:   pupadhyay@vyzeinc.com

Job Description -Application Security Tester  Must have Heavy Application Security Testing with Veracode & Checkmark exp and AppScan scanning experience.  Specifically needs someone who actually runs the scans, vet the results, etc. the person needs to have previous Veracode and AppScan scanning experience. Security Clearance is a huge plus but doesnt want to emphasize that.Application Security Tester 
 Location  Must be local to Dallas or Atlanta but will be a remote role on contract.  They want to do contract-to-hire so location is important!Duration  1+ year contract***This is a remote role unless they convert which wouldnt be for a while. I wouldnt focus on conversion right now.This position is a Lead Cyber Security to perform Application Security Testing in Cyber Security Organization. This profile will be passionate in preventing risk by identifying vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, Identify and document findings, approve false positives and define/document approved mitigations used by AppSec Testers and also provide complex problem resolution support to AppSec TestersExperience Level: 12+ yearsLocation: Dallas, TX or Atlanta, GARoles and Responsibilities:
Perform SAST/SCA/DAST scans using industry vulnerability scanner 
SAST/SCA  Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs.   Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. 
DAST  Work begins with crawling the target application to identify existing directory and file structure.  Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. 
During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities 
Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users 
Perform manual validation and false-positive analysis on the automated scan results.   
Provide remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks. 
Execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. 
Author complex application testing and remediation/mitigation recommendations
Technical leadership of group of testers.
Works in collaboration with India based Technical SMEs to define scan tool configuration used by AppSec Testers, continuously monitors industry trends and threat developments to modify scan configuration to ensure testing processes evolve ahead of threat actors.Primary / Mandatory skills:Overall  12+ years of IT experience
9+ years of application security Experience
7+ years of Application Security testing Experience
Bachelor's degree required. 
Deep familiarity with the OWASP Top 10 and other security concerns for web applications 
Deep Understanding of OWASP Application Security Verification Standards (ASVS) 
Deep understanding of SAST, DAST, SCA Scanning practices
Experience in configuring and scanning leveraging Veracode, Appscan or other enterprise tools.
Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools 
Understanding of SAST, DAST tools and dependency scanning tools 
Experience working/integrating with secret management systems
Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) 
Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications 
Strong documentation skills 
Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) 
Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team 
Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas  Technical Skills: SAST, DAST, SCA, expertise in identifying vulnerabilities and Recommending Mitigations.Additional information (if any): Flexible to provide coverage in India evening hours upon need.Certification: CSSLP, CISSP or equivalent

Keywords: javascript information technology Texas 
Application Security Tester
pupadhyay@vyzeinc.com

Your email id:

Captcha Image:

Captcha Code:

Pages not loading, taking too much time to load, server timeout or unavailable, or any other issues please contact admin at [email protected]

Time Taken: 348

Location: Dallas, Oregon