Information Security Analyst

Posted 3 years ago
- Manual penetration testing of the applications and APIs to identify the OWASP Top 10 vulnerabilities and SANS 25.
- Implementing virus scanners to prevent uploading of malicious files to the client applications.
- Creating detailed reports containing prioritized findings, demonstration of exploits, explanation of compromise impacts, and recommendations for mitigation.
- Performing security code review of client applications using the HP Fortify static code analysis tool. Helping the team remediate security issues with sample code.
- Installing, configuring, patching and maintaining the HP Fortify SSC and SCA security tools.
- Identifying different vulnerabilities in applications by using Nessus and proxies like Burp Suite Pro to validate the server-side validations.
- Performing the risk analysis and write-ups for the critical and high vulnerabilities related to network and web applications.
- Performing application architecture reviews to identify sensitive data (and applicable security requirements) and to validate security controls (e.g. related to access management, input validation, session management, cryptography, etc.) included in the design.
- Using Nexus IQ Server to analyze third-party library code used in the applications and identifying the vulnerabilities associated with the JARs.
- Conducting Security Control Assessments on General Support Systems, Major Applications and Systems to ensure that such information systems are operating within a strong security posture.
- Investigating network traffic by reviewing logs from firewalls, Intrusion Detection Systems (IDS), security monitoring tools, Intrusion Prevention Systems (IPS), and Virtual Private Networking (VPN).
- Conducting log reviews, malware triage as well as intrusion detection to discover real-time threats and APTs. Conducting header capture and full packet logging to monitor activity using various open source and proprietary network monitoring tools.
- Compiling security metrics to evidence the work completed and provide transparency to Sr. Management.
- Conducting research to identify new attack vectors and proactive countermeasures for web applications and web services.