Web Application Vulnerability Analyst
Remote
Preferred Hours: 7am - 4pm EST
Rate: $55 - $60/hour
Job Summary:
We are seeking a highly skilled Web Application Vulnerability Analyst to join our client's Attack Surface Management team. The ideal candidate will have a strong background in identifying, analyzing, and mitigating vulnerabilities in web applications. This individual should have some programming knowledge and expertise with application security testing solutions, such as Qualys, Rapid7 InsightAppSec, Tenable, Checkmarx, and Veracode, to enhance the security posture of the client's web application environment.
Key Responsibilities:
- Perform in-depth vulnerability assessments of web applications using tools such as Burp Suite, OWASP ZAP, Qualys, Rapid7 InsightAppSec, Tenable, and Veracode.
- Collaborate with developers, DevOps, and infrastructure teams to remediate identified vulnerabilities and improve application security practices.
- Conduct manual and automated testing to identify security flaws, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), authentication and access control issues, and other OWASP Top 10 vulnerabilities.
- Review and analyze scanning results, prioritize vulnerabilities based on risk, and provide actionable remediation guidance.
- Collaborate with the automation team on scripts and tools to enhance the vulnerability detection and remediation processes.
- Assist in establishing security best practices, guidelines, and frameworks for web application development.
- Participate in threat modeling and risk assessment processes for web application projects.
- Document vulnerability findings, remediation efforts, and recommendations in detailed reports for both technical and non-technical stakeholders.
- Stay updated with emerging threats, vulnerabilities, and attack techniques to proactively assess potential risks to web applications.
Qualifications and Skills:
Required:
• Proven experience in identifying and remediating web application vulnerabilities.
• Proficiency with dynamic and static application security testing (DAST/SAST) tools such as Burp Suite, OWASP ZAP, Qualys, Rapid7 InsightAppSec, Tenable, Checkmarx, and Veracode.
• Basic programming knowledge in languages such as Python, JavaScript, Java, or C#, and experience scripting with Selenium (for example, to automate authenticated scans or reproduce findings).
• Strong understanding of web technologies (HTML, CSS, JavaScript, APIs) and web application architectures.
• Familiarity with OWASP Top 10, SANS Top 25, and other industry-standard vulnerability frameworks.
• Experience in scripting and automation to streamline vulnerability management processes.
• Excellent analytical, problem-solving, and communication skills.
Preferred:
• Relevant certifications such as OSCP, GWAPT, CEH, or CSSLP.
• Experience working in Agile and DevSecOps environments.
• Knowledge of containerized application platforms (e.g., Docker, Kubernetes) and their associated security tooling.
• Understanding of regulatory compliance requirements (e.g., PCI DSS, GDPR, HIPAA).
• Experience with penetration testing and exploit development.