Vulnerability Assessment Analyst

Job Title: Vulnerability Assessment Analyst (Application Security Test Engineer)

Job Duties:

• Perform manual and automated secure code reviews using tools like SonarQube.

• Utilize Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST),

and Interactive Application Security Testing (IAST) tools.

• Implement and assess Runtime Application Self-Protection (RASP) solutions.

• Identify and remediate OWASP Top Ten vulnerabilities and recommend best practices.

• Conduct security assessments for APIs (REST, GraphQL) and implement OAuth-based

authentication security.

• Integrate security tools into CI/CD workflows and ensure their effective operation.

• Assess and secure container environments using tools like Docker and Kubernetes.

• Conduct comprehensive vulnerability testing using tools like Burp Suite, ZAP, Metasploit, Nmap,

and Nessus.

• Exploit and report vulnerabilities like SQL injection, XSS, and CSRF, providing actionable

remediation strategies.

• Perform mobile application security testing with frameworks like OWASP MASVS, MobSF, Frida,

and Objection.

• Conduct reverse engineering and vulnerability assessments for Android and iOS applications.

• Develop scripts and automation tools using Python, Bash, or PowerShell to streamline security

processes.

• Create custom tools and payloads to test unique environments effectively.

• Identify, prioritize, and communicate vulnerabilities to stakeholders with clear and concise

reporting.

• Develop remediation plans and conduct detailed risk assessments for vulnerabilities.

Expected Experience and Skills:

• Proficiency in secure code review tools like SonarQube and advanced vulnerability scanning

tools.

• Strong understanding of OWASP Top Ten vulnerabilities and remediation techniques.

• Knowledge of modern programming languages (Python, Java, C#, JavaScript) and frameworks.

• Experience with CI/CD integration of security testing tools.

• Hands-on expertise in container security with Docker, Kubernetes, and image scanning tools.

• Familiarity with network vulnerability tools such as Metasploit, Nmap, and Nessus.

• Proficiency in mobile application security testing, including reverse engineering techniques.

• Strong scripting skills for automation and the ability to develop custom security tools.

• Clear communication skills for reporting and stakeholder engagement.

Background and Minimum Requirements:

• A Masters Degree in Cybersecurity, Computer Science, or related fields, or Bachelors Degree

with equivalent experience:

• 5+ years of professional experience in application and network security testing.
• Proven expertise in vulnerability identification and remediation.

• Knowledge of formal vulnerability assessment methodologies and tools.

• Excellent written and oral communication skills.

• Strong analytical and problem-solving skills to address complex security challenges.