The Information Security Analyst will be responsible for penetration testing of Amplify systems and for reviewing security configurations of Amplify environments. Reporting to the Manager of Application Security, the Information Security Analyst will work closely with developers and IT Operations to diagnose, document, and remediate application and infrastructure security vulnerabilities.
The ideal candidate combines deep technical expertise with an ability to communicate and document complex security issues for a range of audiences including developers, system administrators, and management. The ideal candidate is innovative, resourceful, and self-directed, and enjoys working in a rapidly changing technical environment.
Apply here: http://ch.tbe.taleo.net/CH14/ats/careers/requisition.jsp?org=WIRELESSGENERATION&cws=1&rid=2953
This position may be funded, in whole or in part, through American Recovery & Reinvestment Act funds
Wireless Generation is an Equal Opportunity Employer, M/F/D/V.
Perform application and network penetration tests
Use automated techniques to identify application security vulnerabilities
Document vulnerabilities and work with developers and system administrators on vulnerability mitigation
Perform vulnerability scanning on systems and applications
Test for network vulnerabilities using Metasploit and publicly available exploits
Test for web application vulnerabilities such as cross-site scripting, SQL injection, directory traversal, man-in-the-middle attacks, authentication bypass, and command injection
Perform the review and analysis of security vulnerability data to identify applicability and false positives
Review firewall configurations and other infrastructure
Write clear, detailed penetration test reports
Document configuration security standards
Basic Requirements of Information Security Analyst:
Bachelor’s degree in computer science or related discipline, or equivalent experience.
3+ years of experience in information technology
1-2 years application and network penetration testing
Proficient in conducting penetration tests
1+ years experience working with common application security tools such as Fortify, WebInspect, Appscan, etc and vulnerability tools such as Nessus, NMAP, etc.
1+ years experience testing web applications for common security vulnerabilities as defined by Open Web Application Security Project (OWASP).
Proficient using network protocol analyzers and sniffers such as WireShark
Working knowledge of at least one script language (perl / python / ruby)
Preferred Requirements of Information Security Analyst:
Experience with vulnerability scanners
Experience testing web applications for common security vulnerabilities as defined by Open Web Application Security Project (OWASP). These include input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
Good understanding of API’s, using JSON and REST
Self-motivated and highly organized.
Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
Strong written and verbal communication skills and the ability to interact well with different levels within the organization
Ability to work well in a collaborative, team oriented environment