Web and Mobile Security Analyst

JOB DESCRIPTION:

- Program includes discovery of sites, identification of site owners, kick-off meetings with stakeholders, guiding site owners to self-service scanning portal, and assisting web developers in addressing findings.
- Will be working with the US/Corporate website "owners."
- Will be explaining website security to them and showing them how to use vulnerability scanning tools.
- Will be a "security evangelist" - this position is not hands on.
- Tracking website progress and managing vulnerability trending reports are important aspects of the program.
- Communications is a key competency for this role.
- Consultant must be able to communicate technical details to development teams and also discuss high-level security findings with non IT business folks.

SKILLS:

SKILLS/QUALIFICATIONS:

- Strong communication skills (oral, written, presentation)
- Ability to work effectively with a variety of stakeholders from different technology and business teams
- Ability to provide consistent communications and metrics pertaining to the work being delivered by the team
- 5+ years experience in web and application vulnerability management
- Familiar with industry standard security best practices and vulnerability management processes
- Experience with vulnerability assessment methods, risk analysis, penetration testing, operating system and network auditing
- Experience with vulnerability scanning tools (Cenzic Hailstorm preferred)
- Knowledge of web application security best practices, web application testing methodologies and tools as well as OWASP guidelines
- Basic security incident response experience, including: ability to assess and verify security events
- Good knowledge of operating systems security (Windows, Unix, Linux)
- Good understanding of secure network/systems configuration management
- Certifications (eg GIAC, CEH, CISSP, CISA)
- Ideal background is application/website vulnerability scanning, but network vulnerability scanning is acceptable as well.
- Need to be able to speak about security in layman's terms.
- Must have strong security background.
- Certifications are not required but preferred.