Title: Application Security Analyst/Engineer
Location: Remote
Duration: 12 Months
Compensation: $60.00- $85.00
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.
 
Skillset / Experience:
Our company is seeking an Application Security Analyst / Engineer who will be responsible for analyzing the security of new or existing web applications and services and delivering actionable results. This role will provide guidance in the technology evaluation, design and the implementation of web application security technologies providing expertise around secure coding practices, application security technical assessments and tools.

Responsibilities 
This role will require the applicant to be able to complete tasks and responsibilities relating to the
following areas:

• Perform black-box and white box security testing on web applications and web services, including web application penetration testing
• Integrate security testing tools into the quality assurance process
• Perform code reviews with the software engineering team and identity common coding flaws
• Conduct vulnerability analysis of software patches and updates and prepare vulnerability analysis reports
• Conduct threat modeling and document software attack service elements
• Conduct risk analysis of applications and systems undergoing major changes
• Determine project security controls from customer requirements and develop documentation to capture them
• Integrate software cybersecurity objectives into project plans and schedules
• Address security implications in the software acceptance phase
• Conduct trial runs of programs and software applications with software engineering
• Develop software system testing and validation procedures
• Determine cybersecurity measures for steady state operation and management of software
• Incorporate product end-of-life cybersecurity measures
• Collaborate with the InfoSec team to assess and assist in remediation of vulnerabilities

Qualifications: 
This role will require the applicant to have proficient knowledge in the following areas:

• Confidentiality, Integrity and Availability (CIA) principles and practices
• Risk management processes, models, frameworks, principals and best practices including the supply chain
• Risk acceptance and documentation
• Root cause analysis tools and techniques
• Customer and cybersecurity requirements and gathering
• Cybersecurity and privacy principles and practices
• Cybersecurity threats and their characteristics
• Cybersecurity vulnerabilities
• Defense-in-depth principles and practices
• Software engineering and software security principles and practices
• Secure coding tools and techniques
• Code analysis tools and techniques
• Web application and web service risk
• Web application and web service protocols
• Security and penetration testing principles, practices, tools and techniques
• Automated and black-box software security testing tools and techniques

This role will require the applicant to have proficient skills in the following areas:

• Performing root cause analysis
• Identifying systems designed without security considerations
• Scanning for and recognizing vulnerabilities
• Applying black-box software testing
• Designing secure test plans
• Communicating with engineering staff
• Conducting customer interviews
• Performing risk analysis
• Performing static code analysis

Preferred Experience:

• Web Application Security Testing Certification
• GIAC, PortSwigger
• Five or more years performing web application and web service security assessments, including threat modeling, automated scanning and manual penetration testing
• Equivalent professional experience

 
Our benefits package includes:

• Comprehensive medical benefits
• Competitive pay, 401(k)
• Retirement plan
• …and much more!

 
About INSPYR Solutions

Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
 
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
 

Information collected and processed through your application with INSPYR Solutions (including any job applications you choose to submit) is subject to INSPYR Solutions’ Privacy Policy and INSPYR Solutions’ AI and Automated Employment Decision Tool Policy: https://www.inspyrsolutions.com/policies/. By submitting an application, you are consenting to being contacted by INSPYR Solutions through phone, email, or text.

25-17339