Portland Metro Area,
Post Date: 05/16/2018
Job ID: JN -052018-6178
Industry: Security - IT
Evo is seeking a Web Application Security Engineer for our Beaverton Client. The Web Application Security Engineer is part of the Attack Surface Management (ASM) organization and participates in the attack surface reduction of global computing assets. The Web Application Security Engineer is responsible for performing both automated and manual web application security testing of applications, coordination with developers regarding findings, provide remediation guidance and completion of day to day tasks associated with maintaining the platforms. This contract opportunity is scheduled through 11/17/18, with an extension based on fit, need and budget.
SKILLS and REQUIREMENTS:
- Automate and schedule regular external dynamic web application security scans of applications
- Assist with integration of dynamic web application assessments into secure SLDC lifecycles and validation that results are being regularly reviewed by developers
- Maintain the day to day operations, configuration and scaling of the dynamic web application security platform
- Perform manual validation of dynamic web scanner findings and assist with false positive reviews with developers
- Be subject matter expert on common web application security findings such as the OWASP top 10 and provide remediation recommendations
- Lead regular meetings with developer stakeholders to ensure remediation efforts adhere to corporate standards and policies
- Perform required audit related tasks from internal audit, SOX and PCI activities
- Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk identification
- Maintain and compose operational process documentation regarding program execution
- Technical administration of vulnerability or securecode solutions such as Burp, WhiteHat, Microfocus Fortify & Webinspect, Veracode, Rapid7 AppSpider/Metasploit/Nexpose, or Qualys WAS
- Windows Servers, Desktops, Laptops
- UNIX Servers (Solaris, Red Hat Enterprise)
- Network Switching and Routing (Cisco, Juniper)
- Familiarity of TCP/IP and associated protocols
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience
- 5+ years of IT professional experience
- 2+ years of direct Web Application Security experience
- Understanding of a variety of technical concepts such as: Networking, systems administration, application development, and information security practices
- Experience with data analytics with the ability to provide qualitative analysis and recommendations.
- Strong verbal and written communication skills
- Strong organizational and/or project management skills
- Ability to develop strong working relationships with a variety of other enabling teams
- Strong attention to detail, data accuracy, and data analysis
- Self-motivated and operates with a high sense of urgency and a high level of integrity
Applicants must be fully authorized to work in the U.S. and physically be in the U.S.
- Certifications such as the OSWE or GIAC Web Application Penetration Testing (GWAPT) are strongly preferred
- Previous experience working in large scale environments with diverse technologies
- Experience and knowledge of performing security tasks within AWS or Azure cloud environments
- Ability to automate technical tasks through use of API or scripting
CORP-to-CORP requests will NOT be entertained.
Relocation assistance will not be available for this position.
Evo is an equal opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, gender identity, or any other protected factor.