Web Application Vulnerability Scanning Security Analyst
Job Locations: US-DC-Washington | US-TX-Fort Worth | US-Remote / Telework | US-TX-Fort Worth
Job ID 2019-3810:
Type: Regular Full-Time
Valiant Solutions is seeking a Web Application Vulnerability Scanning Security Engineer to join our growing team supporting a large Government Agency!
Valiant Solutions is a Cybersecurity company delivering cutting-edge security solutions to our Government clients. This is your chance to work with a wide range of technologies for a company that cares about its employees- Valiant has been named one of the Best Places to Work in the DC area FOUR years in a row! If you’ve got that ‘can-do’ attitude and possess the skills below, we’d love to talk to you about this exciting opportunity.
This position is ideally based in Washington DC, Denver CO, Fort Worth TX, or Kansas City MO and allows for a 60% – 80% telecommute benefit. Highly qualified candidate’s outside of those regions will be considered as well in a 100% remote capacity. Salary will be based on qualifications and education. All candidates must have US work authorization with the ability to pass Federal background and credit checks.
Valiant Solutions is seeking a Senior Web Application Vulnerability Analyst with experience utilizing web application vulnerability scans for large organizations. This experience will include knowledge of web application architectures and the programming languages used to develop them. The candidates will be able to demonstrate knowledge and experience identifying and explaining the risk vs. impact of web application vulnerabilities. The successful candidate will also have experience implementing and operating a web scan tool such as WebInspect or NetSparker. This will include the configuration of scheduled authenticated and unauthenticated scans and the configuration of reports for dissemination. Experience with a range of opensource scan and pen test tools is essential. Finally, the successful candidate must have experience with manual web vulnerability inspection (pen testing), including the manual validation of findings identified by automated scan tools.
Essential Job Duties
- Perform web application vulnerability scanning / analysis with dissemination of reports
- Manage an enterprise vulnerability assessment program, which will include conducting regular patch & configuration vulnerability assessments against core infrastructure via NetSparker scanning tool
- Manual vulnerability validation (pen testing)
- On the spot problem solving. Use of opensource pen testing software
- Basic scripting experience
- Research & Evaluate scanning and assessment findings of threats and vulnerabilities to assist in prioritization of remediation actions
- Investigation of conflicting scan reports, validation of findings or indicated false positives versus true positive
- Provide consultative services to Information System Security Officers or System Owners of web applications and address issues or concerns in scan results
- Assist in supporting the maintenance and patching of Windows Servers and NetSparker Application or Agents
- Educates internal and external stakeholders on security processes and procedures
- Keeps up to date with the latest testing and ethical hacking methods
Skills and Experience
- 6 years in IT security with one or more of the following:
- 5 years conducting vulnerability scanning using a network or web application security scanner: NetSparker, HP WebInspect, BurpSuite, ZAP, Nexpose, Nessus, OpenVAS or similar
- 5 years experience analyzing and interpreting scan reports and assisting in remediation.
- 5 years experience with manual web vulnerability validation and pen testing
- 2+ years in technical operations providing vulnerability system/platform support
- 2 years experience with scripting in either Powershell, BASH, Perl, or Python.
- 3 year hands-on in penetration testing or labs (HTB, VulnHub, Mutillidae, Metasploitable will do)
- All candidates must have US work authorization with the ability to pass Federal background and credit checks.
- Basic understanding of the HTTP protocol, common web languages, IAAA controls, CMS, and database, network, authentication & web technologies
- Basic knowledge of common web application attacks and their associated remediation strategies such as: SQLi, XSS, CSRF, and more.
- Experience with Windows and Linux Servers (Debian or RHEL) including applying patches and security updates
- Familiarity with Kali Linux command line scanners and tools such as: Nikto, NMAP, NSE, SSLScan, SQLMap, wpscan, droopescan, Metasploit
- Being able to work autonomously
- Responding to client request through email, call, chat, and ticket requests
- Security tool development: researching, planning, and implementing new tool features to make security tools more effective and add value for our client
- Configuring and running web application scans, adding new hosts to weekly and monthly scan lists
- Conducting false positive analysis and QA to vulnerability scan reports
- Strong customer service and oral/written communication skills required.
- Detail-oriented and able to organize information.
- Active with Integrity, a strong drive, goal oriented, being inquisitive and adaptable.
- Ability to lead peers while also receiving mentorship and guidance from assigned Senior penetration testers
- Pursuing knowledge and increased familiarity of web application security testing concepts
This job description can change at any time without notice.
About Valiant Solutions:
Valiant Solutions is a security-focused IT solutions provider with both public and private sector clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skillset. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.
Benefits Snapshot (includes, but not limited to):
- Valiant pays 99% of the Medical, Dental, and Vision Coverage for FTE
- Valiant contributes 25% towards Health Coverage for Family and Dependents
- 100% Paid Short Term Disability and Life Insurance Policy for FTE
- 100% Paid Certifications
- 401K Matching up to 4%
- Paid Time On – 40 hours to pursue innovation
- Valiant University – Online Education and Training Portal
- Reimbursement for Public Transit and Parking
- FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
- Referral Bonuses
Equal Opportunity Employer:
Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law.
- Must be able to remain in a stationary position 50% of the time and also be able to occasionally move about inside the office to access file cabinets, office machinery, etc.
- Must be able to constantly operate a computer and other office productivity machinery, such as a copy machine, and computer printer.
- Must be able to communicate, detect, converse with, discern, convey, express one self, and exchange information visually and verbally.
- Must be able to occasionally bend and lift files and papers up to 10 pounds throughout the office space for events and meetings.
Individual’s primary workstation is located in an office area
The noise level in this environment is low to moderate
Authorization to Share Resume and Personal Information:
By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.