Application Security Analyst

Application Security Analyst

Come join NowSecure on our mission to save the world from unsafe mobile apps!

NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. 

Only the NowSecure Platform delivers fully automated mobile app security testing with the speed, accuracy, and efficiency necessary for Agile and DevSecOps environments. Through the industry’s most advanced static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. NowSecure is the simplest, fastest path to continuous mobile app security. 

More enterprises and government agencies trust NowSecure than any other as the simplest, fastest path to continuous security, mobile app security testing and expert certification, including 4 of top 5 banks, 4 of top 5 Federal Agencies, top retail & media brands and the top penetration testing service providers. Since 2009 we have been leading in the Mobile App Security space and we invite you to join us in the mission! 

NowSecure is actively seeking both entry level and expert applicants to work as an Application Security Analyst, located near our Tysons, VA office or remotely anywhere in the United States. This role will be involved in testing applications for our exciting, high-profile security projects that focus on the security of mobile apps and collaborating with our expert global team of mobile security researchers!

This dynamic role will be responsible for performing vulnerability assessments of mobile applications using best-of-breed tools and techniques, conducting research on various security and privacy topics as they apply to mobile, working with our customers to remediate security issues, and much more! The ideal candidate is highly energetic and interested in working in a company with many responsibilities and opportunities to learn. In addition, this person must be willing to work flexible hours and participate in occasional client meetings. This is a technical position that presents significant opportunities to do research, present at conferences, and pursue career advancement. 

The role:

• Identify opportunities for research projects involving mobile application communications.
• Utilize hacking and pen testing techniques to target mobile apps, web services, and associated IoT components.
• Perform dynamic scans and API security analysis on endpoints in mobile application architecture.
• Examine transmitted and stored data for personally identifiable information (PII) and/or mobile application artifacts.
• Create technically sound and actionable reports for customers.
• Convey technical topics to a variety of audiences including developers and security teams.
• Develop automation or tooling to aid in the inspection of network traffic logs from application testing sessions to identify anomalous or suspicious activity initiated by mobile applications.
• Work in an agile and expedited project structure.
• Demonstrate a resourceful and creative approach to solving technical and procedural problems.

Requirements

• Experience conducting application or network security assessments, security research, reverse engineering, or mobile development.
• Experience conducting network traffic captures / packet captures (PCAP) including familiarity with proxies such as OWASP ZAP, mitmproxy, Charles, Fiddler, Burp Suite, etc.
• Workable knowledge of command line interfaces or scripting tools.
• Solid understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.
• Self-starter with the ability to work independently, interface with multiple teams, and willingness to overcome challenging problems while identifying opportunities for improvement.
• Ability to multi-task and context switch to work on multiple project requests in parallel. 
• Must demonstrate a strong fundamental understanding of security.
• Attention to detail is a must.
• Bachelor’s degree in computer science, cyber security or related fields; or Bachelor’s degree in an unrelated field plus 2 years work experience in a cyber security position.
• Fluency in written and spoken English.
• High integrity, no criminal history or drug use.

Desired Skills

• Previous professional services or consulting experience.
• Previous research or analytics experience.
• Experience conducting security assessments on IoT platforms.
• Familiar with iOS or Android operating systems.
• Ability to script or develop as needed to scale automatable tasks.

Bonus Points

• Experience rooting or jailbreaking mobile devices.
• Experience with LTE and GSM protocols.
• Experience developing in Node.js, python, ruby, etc.
• Working knowledge of Frida or Radare2.
• Past experience with NowSecure tools.
• Active security certifications, including: CISSP, OSCP, CHFI, CEH, GPEN, GWAPT

What we offer:

• The salary band for this position ranges is competitive and commensurate with experience and performance. 
• This position will be eligible for a competitive annual bonus and equity package.
• Remote work flexibility (Find your team members working across the U.S. and globally!) 
• Unlimited PTO (And yes, we want you to use it!) 
• Comprehensive Medical/Dental/Vision coverage 
• 401K Plan with Company Match 
• Paid Parental Leave 
• Home Office Stipend 
• Company Retreats!! 
• The rare opportunity to work with sharp, motivated team members solving some of the most unique challenges with a passion for Mobile App Security! 

We Value Diversity

We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.

Do you want to love where you work?

Amazing Tech: NowSecure delivers the most advanced mobile app security testing technology on the planet designed by the world’s most advanced security researchers and top engineering talent.

Top Customers:  The world’s most skilled and demanding security teams depend on NowSecure.

Great Team: Smart, driven people powered by craftsmanship, leadership and teamwork at the core.

Get Things Done: At NowSecure, we move fast and with purpose to ensure our customers are always protected on mobile.

Department: Services

Location: Remote

FLSA Class: Exempt

Supervisor: Director, Application Security

Supervision Exercised: None

Travel Requirements: 10-20% for normal business needs

Environmental Conditions

Work Environment - Normal office environment and/or home office workspace.  Generally similar environment when visiting Company’s customer offices.  

Strength Guidelines - Employee will be expected to lift, move and carry 10-15 lbs in the normal scope of work.

Motion Parameters - Employee will be expected to sit for long periods of time with the option to stand or walk (stretch).  Employee may need to bend or squat when picking up items from the floor. Employee must have ability to type on a computer keyboard.

Vision and Hearing Requirements - Employee must be able to see a computer screen, read internal and external reports and summaries.  There is a normal amount of background noise in the office environment. Employee must be able to see and hear video conferencing tools.

Emotional Demands - Employee must be able to understand, react and respond to quick decisions, must be able to read and write with a high level of grammar skill including the ability to read, understand and interpret technical information and data.  On occasion, employee may have to speak publicly in company meetings and/or company led presentations, training and seminars.

Information Security Responsibilities

• Employee must follow all applicable policies in the Information Security Handbook, Master Information Security Policy and sub-policies, standards and procedures which are generally available to employee.
• Employee must maintain security of login credentials and information assets, and follow Data Classification policy regarding labelling and handling of Company data.
• Employee must report any security incidents pursuant to the Incident Response policy
• Employee must support information risk assessments, internal and external information security audit functions
• Employee must complete security training during on-boarding process as well as annually when arranged by the Company; and, maintain any certifications as required