Cybersecurity Vulnerability Analyst

Are you a Cybersecurity Vulnerability Analyst with 7+ years of experience in web application penetration testing and secure code review? Apply now for a contract opportunity with a European institution. This role focuses on application security testing including mobile/web application pentesting and secure code review.

Requirements:

• 7+ years of experience conducting vulnerability assessments of web applications including code review
• 10+ cumulative years of experience in software development in Python, .NET, and Java to identify and explain source code vulnerabilities
• Graduate degree (minimum Bachelor's level) required
• Very good knowledge and practical hands-on experience in OWASP Testing Methodologies
• Deep knowledge and proven experience of security testing processes and procedures used at the European Commission
• Strong expertise in Corporate Application Security Testing tools including Fortify Software Security Centre, Sonatype LifeCycle, Portswigger Burp, Fortify SCA (static code analyzer), Veracode, Snyk.io, OWASP Dependency Check, Bamboo, and Bitbucket
• Strong experience in executing Web/Mobile Application secure code review
• Strong experience in Web/Mobile Application penetration testing
• Ability to cope with fast-evolving technologies in Web Application Security
• Advanced ability to develop custom scripts and craft 0-day exploits
• Very good communication skills with both technical and non-technical audiences, ensuring accurate, business-relevant translation of technical findings
• Strong analysis and problem-solving skills
• Capability to write clear, structured technical documents including application security testing reports
• Ability to participate in and lead technical meetings, ensuring objectives are achieved
• Languages: English (fluent)

Job Description:

• Prepare custom scripts, integrations, and automations for application security testing
• Draft playbooks and technical documentation
• Execute Application Security Tests from start to finish
• Coordinate with customers and set up testing environments
• Execute Penetration Testing on deployed Web and/or mobile applications
• Execute Secure Code Review on source code of Web and/or mobile applications
• Draft Security Testing reports documenting findings and recommendations
• Present results to customers at both technical and management levels
• Develop and maintain software including automation, integration, and exploits
• Interact with relevant customer teams and external stakeholders to ensure clear communication, alignment, and efficient collaboration
• Apply OWASP Testing Methodologies to identify vulnerabilities
• Perform static analysis on source code using tools like Fortify SCA
• Perform dynamic analysis on running applications in non-production environments
• Use Corporate Application Security Testing tools including Fortify Software Security Centre, Sonatype LifeCycle, Portswigger Burp, Veracode, Snyk.io, and OWASP Dependency Check
• Identify potential vulnerabilities in applications before they go live
• Review Python, .NET, and Java source code to identify security vulnerabilities
• Develop custom scripts and craft 0-day exploits when necessary
• Ensure early detection of security issues through comprehensive testing
• Translate technical security findings into business-relevant language for management
• Lead technical meetings with customers and stakeholders
• Maintain up-to-date knowledge of fast-evolving web application security technologies
• Follow security testing processes and procedures used by the client