Application Security Analyst - Expert Level
Spring, TX 77379, Texas
Employer: Saxon Global
Industry:
Salary: Competitive
Job type: Part-Time
Job Description: Security Analyst (Penetration Tester) - Expert Level
Exxon Mobil Corporation is looking to bring on an experienced application security contractor to supplement internal efforts. The candidate should have all of the following technical and professional characteristics:
- Min 6 years of experience penetration/vulnerability testing for web and thick-client applications in an enterprise environment
- Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.
- Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
- Full grasp and ability to articulate and/or train others on the OWASP Top 10 and related concepts
- Minimum 6 years of experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language
- Minimum 6 years of experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
- Ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
- Ability to capture and analyze network traffic at all seven layers of the OSI model, including ability to discern whether said network traffic contains vulnerabilities and/or sensitive data
- Have a solid grasp of core security fundamentals and concepts, including knowing one's system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.
- Minimum 6 years of experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls.
- Ability to create extremely high-quality written reports containing the findings from web and thick-client vulnerability assessments, as well as the ability to articulate those findings to peer technical staff and to various levels of management
- Preference is for candidates with two or more of the following certifications: GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE
*Work location update* Andrew would like to see candidates that are willing to come onsite 1 day per week and remote the remainder of the week. When you submit the candidate, please provide notes to include if candidate is willing to come onsite 1 day/week or if the candidate is only considering 100% remote opportunities. This way Andrew is able to prioritize candidates based on this information.
QUESTIONS - PLEASE INCLUDE WITH EACH SUBMITTAL - candidates will be disqualified if not included.
For each technology, how many manual vulnerability assessments have you completed over the last 2 years and what is the most common tool used during the assessment?
- Web Application
- SAP Application
- Cloud Application
- Mobile Application
- Infrastructure
What is the coolest exploit you have found?
What is your favorite nmap parameter and why?
Required Skills: Ruby, .NET, Bash, CSS, Perl, MSQL, HTTP, Java, HTML
Basic Qualification:
Additional Skills:
Background Check: Yes
Drug Screen: Yes
Notes:
Selling points for candidate:
Project Verification Info:
Candidate must be your W2 Employee: Yes
Exclusive to Apex: No
Face to face interview required: No
Candidate must be local: No
Candidate must be authorized to work without sponsorship: No
Interview times set: No
Type of project: Assessment/Analysis
Master Job Title: Misc: Non-Technical
Branch Code: Houston
Created: 2024-04-30
Reference: SG - 72076
Country: United States
State: Texas
City: Spring, TX 77379