Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo?
Work you’ll do
The Application Security Team focuses on evaluating the security posture of Web Applications, Mobile Applications, APIs and Web Services. The tasks for this position include:
Conduct web and mobile application security vulnerability assessments (review designs, perform pentests, code review, and security checks) through the use of scanning tools / manual checks and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.
Work jointly with Development Teams, Architects and Cyber Defense teams to periodically review application code and be able to define security posture of applications and back-end systems.
Assist with application security penetration testing activities, including scheduling, resources, tool execution, and reporting.
Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical and control requirements.
Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm’s applications. Ensure Cyber Defense management is notified when these exposures are identified and receives a proposed solution for remediation.
5+ years of experience, preferably in the areas of Web Application Development or Secure Application Development
Deep understanding of tools such as Kali Linux, Burp Suite, OWASP ZAP, or any other penetration testing frameworks or tools is a plus.
Scripting experience, preferably Python or PowerShell
Strong understanding of OWASP Top 10 Vulnerabilities
Ability to handle major workstreams
What do we offer
Afmrecruit offers comprehensive benefits including:
Paid time off: holidays, vacation and personal leave,
Insurance: health, dental, and life,