Description
Job Title: Vulnerability Analyst
Location: Luxembourg
Job Type: Contract
Duration: Long term
Pay Rate: €550.00 per day
My client, a global IT consultancy, is currently looking for a contract Vulnerability Analyst for a long-term project, working in a busy office in the cultural city of Luxembourg.
Around 3-4 years' experience as a Vulnerability Analyst would be ideal.
Main activities, responsibilities, reference tasks in support of the applied position:
• Acting as an IT Security Consultant in the Web Application Vulnerability Assessment service
• Participation in the setup and inception of the web application vulnerability assessment service
• Evaluation, selection and recommendation of testing tools used by the service (tools evaluation report).
• Installation and updates (on a regular basis) of vulnerability testing tools used in the service.
• Perform vulnerability assessments of web applications, including static analysis (code review) and dynamic analysis (penetration testing): test, report, advise (iterative process).
• Documentation:
o Defining methodologies and procedures of tests
o Communication support with development teams
o Writing of web application vulnerability assessment reports including a list of detected security issues and recommendations for internal and external clients.
o Writing of "Web Application Secure Development Guidelines" document (Java/JEE and ColdFusion): to provide a reference of good practices dedicated to security at application level.
• Definition of security metrics and statistics on the evolution of fixes performed on reported vulnerabilities.
• Setup and deployment of a continuous integration system for vulnerability self-assessment where development teams can perform source code analysis during the development phase.
• Service management (requests, responses, reports, recommendations…).
• Coaching of new colleagues.
Web application vulnerability assessment
• IT Security engineering
• Penetration testing
• Security source code review for languages (Java, JSP, ColdFusion, PHP, .NET)
Methodologies (used in the project): OWASP (Open Web Application Security Project), Metasploit framework, Software Development Life Cycle (SDLC), CVE (Common Vulnerabilities and Exposures), WASC (Web Application Security Consortium) …
Specific Skills:
• Security of web applications and web services
• Security of mobile applications
• Vulnerability assessment of web applications using automated scanners and manual tools: static analysis (code review) of the source code, penetration testing and dynamic analysis of the deployed application
• Web applications development: Java/JSP, ColdFusion, PHP, JavaScript/HTML.
• Extensive experience with vulnerability testing tools for information security technology.
• Good knowledge of different kinds of vulnerabilities and attack scenarios in web applications (risk assessment, assets entrusted to web application).
• Writing skills: methodologies, procedures of tests, recommendations and vulnerability assessment reports of tested applications.
• Cryptography principles
• Good understanding of the components of an SDLC