Job Description
Harris Health System
Houston, Texas

The Information Security Application Analyst reports to the Manager-Information Security Operations. The Application Security Analyst will review session management controls, including testing for cross-site request forgery, to ensure that web applications maintain distinct user sessions. In addition, the analyst will test susceptibility to SQL injection, cross-site scripting and other OWASP attacks and determine the relevancy of threats to the organization. The analyst will conduct assessments of web applications, servers, endpoints, databases, client-side applications and tools, and APIs; respond to alerts and security incidents; and work with other Information Security Operations team members to conduct internal penetration tests on production applications.

The right candidate is a self-starter with excellent development skills to perform duties such as, but not limited to, research and development of secure coding methodologies and providing experienced guidance pertaining to secure application development design and testing.

Minimum Qualifications: Bachelor's Degree in Computer Science, Information System

Preferred Licenses & Certification: GWEB, FWAPT, CASE, CSSLP, C|EH

Preferred Work Experience: 4 Years of Experience

Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
Knowledge of dynamic web application scanners is a plus, including (but not limited to) OWASP Zed Attack Proxy, Rapid7 AppSec, Kali Linux, Metasploit, Burp Suite, HP WebInspect, Qualys, or WhiteHat.
Static and dynamic code assessment tools.
Web Application Firewall concepts.
RadWare, Fortify WebInspect, Tenable Security Center.
Knowledge of HIPAA Security Rule and PCI DSS.

Communication Skills: Exceptional Verbal (Public Speaking), Writing/Correspondence, Writing/Reports

Job Attributes: Analytical, Statistical