Lead Application Security Tester - Only W2

Minimum Experience: 10 Yrs - It is a Client Facing Role

Job Description: We are searching for a highly skilled and experienced Lead Application Security Tester to spearhead our application security initiatives. The ideal candidate will have extensive experience in cybersecurity, with a specialized focus on application security.

Responsibilities:

• Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA – Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE’s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
• DAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.
• During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities.
• Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users.
• Validation: Supplier will perform manual validation and false-positive analysis on the automated scan results.
• Remediation Support: The remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
• Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.
• Complex application testing and remediation/mitigation recommendation author.

Technical leadership of group of less experienced testers.

Qualifications:

• Bachelor's degree required; equivalent experience equal to 4 years software development may be considered in lieu of degree.
• Government Clearance is a Plus.
• Deep familiarity with the OWASP Top 10 and other security concerns for web applications.
• Deep Understanding of OWASP Application Security Verification Standards (ASVS) .
• Deep understanding of SAST, DAST, SCA Scanning practices.
• Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools.
• Understanding of SAST, DAST tools and dependency scanning tools.
• Experience working/integrating with secret management systems such as HashiCorp Vault or AWS Secrets Manager.
• Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.).
• Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications.
• Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required).
• Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team.
• Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas.
• Mastery of English language.
• Full testing suite experience (10+ years).

Seniority Level: Mid-Senior level

Employment Type: Contract

Job Function: Information Technology

Industries: IT System Testing and Evaluation and IT Services and IT Consulting