Amarx Search, Inc.    

Direct Placement position in Goodlettsville, TN
Position ID: 2202

An excellent position with one of the largest US retailers

* Senior Information Security Analyst *

Please apply ONLY if you 5+ years of relevant security test experience

Visa sponsorship is not available for this position

We can ONLY consider your application if you have:

1: 5+ Years Combined Experience in 2 or More of the Following: Web Application Security Testing, Mobile Application Security Testing, API Security Testing, Network Penetration Testing, Source Code Security Analysis
2: Strong, Hands-on Experience with Security Testing Tools such as: DAST (e.g. Fortify WebInspect, Fortify WebInspect Enterprise, IBM AppScan), SAST (e.g. Fortify SCA, Checkmarx CxSAST), Development Collaboration Platforms (e.g. Fortify SSC, Gitlab, Jira), Web Proxy Tools (e.g. BurpSuite Professional / BurpSuite Enterprise, OWASP ZAP), Open-Source Testing Tools (e.g. Nmap, OpenSSL, Metasploit, SQLMap)
3: Understanding of Network/Server Technologies such as: Firewalls (Network, Host, and Web Application), Cloud Hosting, Containerization, DNS, Routing, and other Common Networking Principles, Directory Services / Active Directory, Web Server Platforms (IIS / Tomcat), API / Web Services, PKI / Web Certificates
4: Familiarity with Compiled/Scripting Languages (e.g. C#, JavaScript, Python, Java, Swift, Kotlin)
5: Strong, effective written and oral communications skills
6: Ability to clearly communicate pragmatic security risk and remediation recommendations to technical (e.g. developers) and non-technical audiences

We are looking for an outstanding hands-on application security professional to join an application security team. The ideal candidate must have extensive experience in application security testing.

DESIRED (not required) SKILLS:
:: Software development background
:: Active certification (e.g. OSCP, OSWE, CSSLP, CISSP)

Duties and Responsibilities
== Conduct security testing of web/mobile applications and web services/APIs, including source code security analysis (SAST) and dynamic (DAST) testing using a combination of commercial, open-source tools, and manual testing methods
== Perform security reviews of network infrastructure and endpoints hosted within the internal network as well as SaaS environments
== Adhere to best practice frameworks (e.g. OWASP)
== Use threat modeling tools to explore potential application, network, and infrastructure security-related threats
== Deliver timely and accurate security testing results to both technical and non-technical audiences
== Track and follow-up on remediation of identified security risks
== Act as liaison between application security teams, development teams, business units and vendors
== Provide subject matter expertise in security best practices and standards to ensure compliance with company security standards.
== Work closely with business units to determine work estimates and scope
== Propose and implement ideas to enhance and automate security-related processes
== Stay current on emerging technologies, products, and trends related to security solutions and testing techniques

Please send resume as a Microsoft Word attachment to

Amarx Search, Inc.