Salary Resume Critique Job Openings

Security Analyst-Expert

V Group Inc
Remote, Other
POSTED ON 2/9/2023 CLOSED ON 3/27/2023

What are the responsibilities and job description for the Security Analyst-Expert position at V Group Inc?

Job Description

Direct Client: Washington Health Benefit Exchange
Job Title: Security Analyst - Expert
Duration: 3 Months Contract with possible extension.
Start Date: 03/27/2023
Location: Remote
Position Type: Contract
Interview Type: Phone & In-person/Skype
Requirement ID: SWA_CYBE207_SS

Description: Washington Health Benefit Exchange (WAHBE)
Washington Health Benefit Exchange (WAHBE) requires an expert level Security Analyst to assist WAHBE's Security team. The Resource will be responsible for leading assessment and validation of application and system security controls to help identify gaps in enterprise security and privacy controls.
A. PURPOSE AND GOALS
  • This resource will provide security subject matter expertise to a variety of technical and non-technicalaudiences.
  • This resource will lead the development and implementation of a penetration testing strategic program plan.
  • This resource will focus on the use of the out of the box applications in addition to internally developed applications and scripts with the focus on penetration testing.
  • This resource will be responsible for reporting findings and working with technical staff for remediation.
B. PROJECT TEAM AND ENVIRONMENT
  • This resource is a key member of the Security Team and will report directly to the Information Security Manager (ISM). This resource will collaborate closely with members of the Security Team, and other WAHBE departments, staff, contractors, and external WAHBE partners.
A. DUTIES, TASKS, AND RESPONSIBILITIES
  • Plan, communicate, coordinate, and lead application security and penetration tests in addition to developing other security assessments for enterprise applications and systems.
  • Lead the development of the WAHBE Penetration Testing strategic program and tactical plans including relevant areas of application security.
  • Perform accurate validation and assessment of vulnerability scan results.
  • Perform maintenance and operations of WAHBE Application Security toolsets.
  • Develop scripts and other appropriate automation for repeatable tasks in vulnerability validation and application security testing (Dynamic Application Security Testing, Static Application Security Testing, Interactive Application Security Testing).
  • Perform mobile application security testing and lead remediation of discovered vulnerabilities and privacy risks.
  • Create comprehensive and accurate application security and penetration testing reports with recommendations for appropriate remediation.
  • Participate in incident investigation and provide advanced analysis, as needed, and assist in development of strategies to respond to and recover from a security breach.
  • Work with software developers on defining technical solutions for resolution of identified vulnerabilities.
  • Select, recommend, install, configure, and customize security testing tools and develop procedures for suitable use of such tools during security assessments.
  • Make appropriate use of automated tools during security assessments (Metasploit, Nmap, Nessus, Burp Suite, etc.).
  • Perform security assessments of new enterprise solutions to be procured and implemented by WAHBE focusing on the underlying risk to the organization, providing consultation and recommendations as appropriate.
  • Assist in developing training materials for advanced security roles and responsibilities including secure coding standards and technical guidance.
  • Provide security consultation and assessments for cloud environments and containers, focused on best practices and technical analysis.
  • Create Misuse, Abuse, and Confuse cases within the Agile methodology during user story/case development.
  • Perform security analysis and consultation of product requirements and system changes (RFCs) in an Agile environment.
  • Assist WAHBE with "shifting security to the left" by providing security consultation and technical analysis during the early stages of the SDLC to ensure security is built-in by design.
  • Assist WAHBE with the DevSecOps Program, building the CI/CD pipelines as necessary to integrate Application Security into the Secure Software Development Life Cycle (SDLC).
  • Assist WAHBE in managing and updating policies, procedures, and standards utilizing the Secure Software Development Lifecycle.
  • Work with the Risk Management Office in the remediation of vulnerabilities, audit findings and risks tracked and monitored. Liaise with enterprise architects and engineers to share best practices, insights, and requirements.
  • Mentor junior positions in development of key skills necessary to defend the organization.
  • Performs other duties as assigned within the scope of application security and penetration testing.
C. PROJECT-SPECIFIC QUALIFICATIONS AND EXPERIENCE
Required:
  • 10 years of Information Security experience in specialized roles such as penetration testing, application development, application security testing or network security testing.
  • 5-7 years in software development or IT security related fields.
  • Excellent understanding of software development lifecycle (SDLC), architecture design and IT operations.
  • Experience performing application security code and roles matrix review and practical risk assessments.
  • Experience working with threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK, etc.).
  • Experience with common vulnerability assessment tools (e.g., Nessus, RAPID7, Nmap, Burp Suite).
  • Experience with common networking tools (e.g., Wireshark, tcpdump, netcat).
  • Excellent understanding of emerging cybersecurity.
  • Excellent understanding of networks, hosting models and IT Infrastructure.
  • Strong analytical and problem-solving skills with the ability to "think outside of the box".
  • Understanding of core Internet protocols and routing (e.g., DNS, HTTP, TCP, UDP, TLS, IPsec).
  • Operational understanding of cryptography fundamentals (e.g., SSL/TLS, password security, filesystem encryptions, etc.).
  • Excellent verbal and written communication skills.
  • Creative and proactive problem solver; must possess the ability to make independent decisions and judgments about work priorities.
  • Well organized, flexible, resourceful, and efficient with strong attention to detail.
  • Strong interpersonal skills: ability to work with all levels of internal management and staff, as well as outside clients, vendors, diverse populations, stakeholder groups, and customers.
Desired qualifications specific to this work request include:
  • Experience with administering serverless, cloud-based enterprise applications and environments.
  • 2-4 years penetration tester experience.
  • Experience with securing cloud hosted systems.
  • Experience working with application security methodologies such as OWASP.
  • Experience in mobile application security.
  • Experience working with Security information and event management.
  • Experience in the government and/or health care fields.
  • Bachelor's or Master's degree in Cybersecurity or related field.
____________________________________________________________
V Group Inc. is an IT Services company that supplies IT staffing, project management, and delivery services in software, network, help desk and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/ contracts with the following states: AR, CA, DE, FL, GA, IL, KY, MD, ME, MI, NC, NJ, NY, OH, OR, PA, SC, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant.
Please share my contact information with others working in Information Technology.
Website: www.vgroupinc.com
Twitter: www.twitter.com/VGroupITService
Facebook: www.facebook.com/VGroupIT

Salary : $50 - $0

Security Analyst - Certificate and TLS Expert
PNC -
Strongsville, OH
View Job Details
Expert Cyber Security Technical Analyst
Armison Tech -
Chantilly, VA
View Job Details
Senior COMSEC Analyst - National Security Expert
Get It Recruit - Hospitality -
Aiea, HI
View Job Details

For Employer
Looking for Real-time Job Posting Salary Data?
Keep a pulse on the job market with advanced job matching technology.
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

Sign up to receive alerts about other jobs with skills like those required for the Security Analyst-Expert.

Click the checkbox next to the jobs that you are interested in.

  • Disaster Recovery Planning Skill

    • Income Estimation: $112,194 - $138,488
    • Income Estimation: $124,693 - $157,449

  • Cloud Security Skill

    • Income Estimation: $124,693 - $157,449
    • Income Estimation: $149,032 - $188,459
This job has expired.
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Not the job you're looking for? Here are some other Security Analyst-Expert jobs in the Remote, area that may be a better fit.

Domestic Services Aide 5-E6

Security Analyst (Departmental Analyst-E), VR..., Grand Rapids, MI

Cyber Security Analyst / Expert

Rapid Cycle Solutions, LLC, Chantilly, VA

View More Jobs