Security Analyst

• Conducting Web applications vulnerability assessment and penetration testing (Black box, Gray box and White box security testing)
• Performing baseline/configuration review of servers.
• Conducting External and Internal Network vulnerability assessment and penetration testing.
• Manual and automated security testing of applications
• Security testing on production environment or test environment
• Conducting Source code review of web and mobile applications
• Familiarity with XML, SOAP, JSON, and AJAX
• Hands-on experience with two or more scripting languages such as Python, Powershell, Bash, or Ruby
• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Acunetix, Kali Linux, Metasploit, etc.
• An aptitude for technical writing, including assessment reports, presentations, and operating procedures
• Strong understanding of security principles, policies, and industry best practices
• Database administration, device configuration hardening, and compliance
• Experience with common web frameworks, for example, jQuery, Bootstrap, Django, etc.
• Experience with common development languages, for example, VB.net, Java, C#, JavaScript, etc.
• Familiarity with Open-Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
• Working knowledge of defensive security techniques and technologies

• Earned a degree in Information Technology or Computer Science
• CEH Certification.
• Proven record of experience as a Certified Ethical Hacker
• Solid knowledge of networking systems and security software
• 1-2 years of relevant experience
• OSCP or AWAE/OSWE or SANS GWAPT/GPEN or ECSA / IOT or equivalent certification

ValueMentor