Carrer

­

­

Description:

Client is seeking to augment the existing quality assurance staff with a senior application security analyst. This position will lead aspects of the COMETS HD validation effort with focus on Security Services architecture solutions. The systems analyst must be familiar with Quality Assurance best practices have experience with Iterative Software Development Life Cycle in a Service Oriented Architecture environment.  

Responsibilities:

• Interpret system documentation and determine validation approach

• Coordinate   Security related validation activities with Security and Development teams
• Execute security related test plans (both vulnerability and  role based security)  and provide test results
• Execute static source code  and dynamic  web application  scans
• Analyze , parse and interpret   test results
• Provide test & vulnerability summary reports to development team
• Effectively communicate the analysis/validation of AppScan results for  actionable remediation
• Maintenance of security related  test plans 
• Support, configuration and maintenance of test tools needed for validation efforts
• Interface with Enterprise  Security Governance on security issues
• Act as an advocate for security related concerns in all phases of SDLC

Skills Desired:

• Candidate must possess a broad understanding of security architectures
• Candidate must understand Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) industry resources to   assess risk and communicate application security findings
• Using CWE and OWASP resources the candidate must provide fix recommendations, safe coding practices, and other tactics to development  for actionable remediation 
• In depth knowledge of industry standard client privacy and    data protection policies and techniques
• Ability to readily   reference    NIST and IRS Pub 1075  government regulations and executive orders as part of validation approach
• Vulnerability and  Intrusion   detection and prevention
• Verification  and Validation of:
• Authentication and Authorization 
• Security policies 
• Access Controls
• Audit and Accountability
• System and Communication Protection
• Web services using SOAP tools
• Failover testing
• Active Directory
• Encryption
• Event Management

Tool Experience:

The candidate must have  experience using IBM APPSCAN or comparable or similar application vulnerability detection and management  software [such as HP Fortify/WebInspect , Rapid 7 Nexpose/NTO objective, Veracode, White Hat or Qualys] and should have experience using the some of the following tools sets: 

• Nessus Network Scanning Tool & Tenable Security Center
• Security Identity Manager  Security Access Manager (formally Tivoli) ), or comparable identity and access management tool
• Data Power
• Active Directory Federation Services

Qualifications/Experience Desired:

• Computer Science degree
• 5-10 years' experience  with technical validation of large scale, complex public sector systems
• Experience with RATIONAL  / JAZZ software development lifecycle (SDLC) tool sets
• Auditing  and Regulatory Compliance Testing
• Working knowledge of virus scanning software
• Automated Tool experience is a plus