Information Security Analyst

Posted 11 months ago
  • Manual penetration testing of the applications and APIs to identify the OWASP Top 10
    vulnerabilities and SANS 25.
  • Implementing Virus scanners to prevent uploading the malicious files to the client
    Applications.
  • Creating details reports containing prioritized findings, demonstration of exploits,
    explanation of compromise impacts, and recommendations for mitigation.
  • Performing security code review of client applications using HP Fortify static code
    analysis tool. Help team to remediate security issues with sample code.
  • Installing, Configuring, Patching and maintaining the HP Fortify SSC and SCA security
    tools.
  • Identification of different vulnerabilities in applications by using Nessus and proxies like
    Burp suite pro to validate the server-side validations.
  • Performing the risk analysis and write-ups for the critical and high vulnerabilities related
    to Network and web applications.
  • Performing Application architecture reviews to identify sensitive data (and applicable
    security requirements) and to validate security controls (e.g. related to access
    management, input validation, session management, cryptography, etc) included in the
    design.

  • Using Nexus IQ Server to analyze third-party library code used in the applications and
    identifying the vulnerabilities associated with the JARs.
  • Conducting Security Control Assessment on General Support Systems, Major
    Applications and Systems to ensure that such Information Systems are operating within
    strong security posture.
  • Investigates network traffic by reviewing logs from (firewalls, Intrusion Detection
    Systems (IDS), Security Monitoring Tools and Intrusion Prevention Systems (IPS), and
    Virtual Private Networking (VPN).
  • Conduct log reviews, malware triage as well as intrusion detection to discover real-time
    threats and APTs. Conduct header capture and full packet logging to monitor activity
    using various open source and proprietary network monitoring tools.
  • Compiled security metrics to evidence the work completed and provide transparency to
    Sr. Management.
  • Conduct research to identify new attack vectors and proactive countermeasures for web
    applications, and web services.

Apply Online

A valid email address is required.