
Application Security Analyst


Job ID:

38671

Location:

New Orleans, LA 

Job Views:

452

Zip Code:

70112

Posted:

11.16.2015

Job Description:

Responsibilities

The Security Management Program (SMP) Application Analyst is a position supporting a comprehensive risk reduction Application Certification program that proactively addresses all aspects of information security, from network and system analysis to physical and policy inspection. The methodologies, essential practices, and risk intelligence used by this team have been proven in the industry since 1997.  As a part of this team you understand and know how to:

 

  • Conduct high risk and sensitive application assessments of internally and externally hosted applications globally according to scope defined by the management team.
  • Apply subject matter expertise in web, mobile or network penetration testing, with a track record of end-to-end testing of complex systems.
  • Coordinate and execute system/network level assessments and ethical hacking exercises.
  • Proactively research and identify network and system vulnerabilities and provide recommended countermeasures or mitigating controls to reduce risk to an acceptable and manageable level.
  • Review results of network and application assessments in order to determine severity of findings and to ensure proper remediation is applied.
  • Provide accurate and timely reporting of findings and proposed remediation and mitigations.
  • Technical support could include, but is not limited to, the following: (1) Audit support & remediation, (2) Process improvement, (3) Analysis & reporting, (4) Cross-divisional functional education, training and awareness, (5) Function/methodology/strategy advancement.
  • Provide technical support to senior management in identifying and streamlining new/existing protocols and tools used by the penetration testing team.
  • Develop and automate scripts, tools and resources needed to advance application assessments around new and emerging technologies like mobile, cloud and embedded systems.
  • Quantify risk using threat likelihood, implementation state, and business impact variables.  The team also understands that compliance and risk scoring are not the same.  Even though they complement each other, they have to be illustrated separately.
  • Prioritize remediation efforts based on business need, compliance need, and/or risk reduction need.
  • Process, analyze and upload vulnerability details into the Risk and Compliance Management Console and provide actionable intelligence to your assigned clients in order to remediate their overall risk posture.
  • Define action plans that are easy to implement, effective at reducing risk, and as much as possible will take advantage of existing people, processes, and technologies.
  • Be actively involved in security research around new and emerging technologies.

The client may request the following:

 

  • Weekly status calls to discuss risk intelligence, incidents, vulnerability details, schedule activities, update action plans, compliance state, and/or risk state.
  • Executive Summary Reports (frequency is defined in the client contract).  The Executive Summary Report will illustrate overall engagement progress, Compliance Status and Residual Risk score, along with trending details and high-level action plans.
  • Detailed Vulnerability Reports (frequency is defined in the client contract).  The Detailed Vulnerability Reports will illustrate summary and detailed findings with regard to aged software, unusual use configurations, and vulnerability severity.
  • Detailed Action Plans (frequency is defined in the client contract).  The Detailed Action Plans will be the output of all analytical efforts.  They will help prioritize remediation efforts and provide decision analysis.  The Security Services Advisor will not be in the position to define every decision or action.  However, they will provide enough information to allow the client to make an educated decision based on analysis.
  • Monthly and ad hoc Risk Intelligence.  Through the Security Services Advisor, the client will receive a monthly digest of Microsoft Tuesday, monthly invites to Verizon Security Briefings, ad hoc publication of hype or hot alerts, and ad hoc filtered alerts based on the client’s environment.  The Security Services Advisor team will also be available to discuss the details and relevance of all risk intelligence publications.

Qualifications

Required Qualifications:

  • 5+ years of work experience in application risk assessments, analysis, and guidance.
  • Bachelor’s or Master's degree in Computer Science, Information Security, Information Technology, Electrical Engineering or a related field preferred
  • Understanding of web application and network vulnerabilities including OWASP Top 10 and SANS Top 25
  • Understanding of cryptographic concepts and applied cryptography (SSL, AES, etc.)
  • Detailed understanding of OSI and TCP stack with emphasis on computer architecture and networking protocols
  • Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP, etc.
  • Good understanding of networking concepts around Ethernet, switched LAN and WAN environments
  • Strong problem solving and analytical skills
  • Strong verbal and written communication skills
  • Strong operational skills; quality and results oriented
  • Strong client service orientation


Preferred Qualifications:

  • Prior knowledge or academic familiarity with reverse engineering, malware analysis, security research and forensic tools
  • Familiarity with security tools & frameworks like Metasploit, Kali, Canvas, etc.
  • Proficiency in one or more scripting languages, e.g. Perl, Python, shell scripting, etc.
  • Proficiency in one or more high-level programming languages like Java, C, C++, Ruby, etc.
  • Expertise and experience in web/mobile application and network penetration testing
  • Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++

 

 

Equal Employment Opportunity

  • Verizon is a Federal Contractor
  • Verizon requests veteran priority referrals
  • Verizon is an equal opportunity and affirmative action employer M/F/Disability/Vet.

Company Info
Verizon
1 Verizon Way, Basking Ridge, NJ, 07920
Basking Ridge, NJ, United States

Phone: 908-210-6982
Web Site: www.verizon.com
