Posted in Other 13 days ago.
Lead Application Security - Cyber Threat Division (Remote Opportunity)
Look for more than answers.
Patients and Physicians rely on our diagnostic testing, information and services to help them make better healthcare decisions. These are often serious decisions with far-reaching consequences, and require sensitivity, tact and a clear dedication to service. It's about providing clarity and hope.
As a Security Specialist, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.
We are looking for a talented and trustworthy application security specialist to cover all aspects of application security and vulnerability management. The primary responsibilities include manual secure code review, SAST, DAST, IAST, penetration testing (web/API/network), threat modeling, design review, vulnerability scanning, remediation coordination and tracking.
To ensure success, you should have advanced knowledge of computer and internet security systems, high-level hacking skills, and the ability to create clear and concise reports. Candidates must have the skills necessary to quickly identify security flaws and provide actionable recommendations on how to improve the security and protect information systems and data.
-Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
-Review SAST/DAST/IAST output for false positives (GitLab, Contrast). Assist development with remediation.
-Perform penetration testing against products and systems, including mobile devices, servers, web services, web applications, and wireless networks.
-Report vulnerabilities to stakeholders and track remediation progress.
-Thorough understanding of cloud technologies and environments (AWS, Azure, Google).
-AppSec and vulnerability management for all aspects of DevSecOps/Cloud, Agile, CI/CD pipelines.
-Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
-Identify, research and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
-Serve as an infrastructure and application security subject matter expert for projects.
-Conduct Threat Modeling exercises to identify objectives and vulnerabilities, and define countermeasures to prevent, or mitigate the effects of, threats to the system.
-Effectively communicate vulnerability details, risks and potential impacts to application/infrastructure owners, stakeholders, and both onshore and offshore partners.
-Design, implement, and support security-focused tools and services.
-Assist with internal investigations, incident response, and other special requests or events.
-Competent to work independently at a high technical level.
-In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
-Inherent passion for information security and service excellence.
-Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
-Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
-Define and document internal, technical, and service processes and procedures
-Researching the company's systems, applications, network structure, and possible penetration sites.
-Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
-IDS/IPS, honeypot, and firewall evasion.
-Conducting penetration tests once new security features have been implemented.
-Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical)
BS in Computer Science or equivalent required, MS preferred.
-Minimum 4-7 years of experience specific to ethical hacking including network, web application, client side, wireless, social engineering, dumpster diving, mobile and web service testing.
-3-5 years of experience with the implementation and support of an IT Security program including aspects of threat and vulnerability management, threat intelligence, incident response, security management, and application security related products, projects, procedures, and processes.
-GXPN, GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications
-Proven work experience in manual secure code review.
-Advanced knowledge of networking systems and security software.
-In-depth knowledge of password-based, session hijacking, DDoS, sniffing, MITM, cryptography, and application layer attacks.
-Technical knowledge of routers, firewalls, and server systems.
-Good written and verbal communication skills.
-Good troubleshooting skills.
-Ability to see big-picture system flaws.
Experience is required in the following areas: manual secure code review, threat modeling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects. Experience with industry standard infrastructure and application assessment tools such as, for example, Qualys, Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Anomali. Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies.
Join us for competitive benefits and development opportunities in a progressive and supportive environment. Help us improve our service, and the experiences of our patients and colleagues. Work with us and together we can be better.
Your Quest career. Seek it out.
All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship.