Technical Security Analyst
Dulles, VA 20166
6 month contract to hire
We are seeking an IT Security Analyst to join our team! The security analyst will implement security measures for the protection of computer networks and information, deliver information security solutions and services to protect information assets, computing infrastructure, applications, and data. The ideal candidate will have great interest in information security, has hands-on security engineering experience, and be able to come up with creative and unique solutions to security- related problems.
- Perform vulnerability scan, analysis, validation and remediation activities.
- Work within the vulnerability management team helping to identify and mitigate risks.
- Perform network and application penetration testing.
- Validate vulnerabilities discovered through code analysis.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of Verizon Media environment' s risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Engineer application, system and network security solutions to meet security requirements for varied operating environments.
- Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.
- Work with customers to oversee remediation of identified security issues.
- Perform technical and non-technical compliance activities.
- Provide security subject matter expertise to Verizon Media product teams including developers and system administrators.
- Perform security validation for configuration settings on different systems
- Bachelor’ s degree with a minimum of 1 year of information security work experience.
- Fluent in a variety of web application protocols, operating systems and networking technologies.
- Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux, Windows and OSX), patching and attack patterns.
- Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Command Injection, SSRF, Cookie Manipulation among others.
- Experience with testing applications against OWASP Top 10 Vulnerabilities.
- Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).
- Certified Information Systems Security Professional (CISSP).
- Certified Ethical Hacker (CEH)
- Familiarity with Enterprise Vulnerability Management tools such as Rapid 7 Nexpose, Nessus and Qualys. Familiarity with Amazon Web Services (AWS) security.