NIH Application Scanning Analyst
Job Location:
Bethesda, MD - USA
Monthly Salary:
Not Disclosed
Posted on:
3 days ago
Vacancies:
1 Vacancy
Job Summary
cFocus Software seeks a Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science Information Technology or a related field
- 5 years of experience performing application security assessments or web application vulnerability scanning.
- Experience conducting authenticated and unauthenticated web application security testing.
- Experience supporting enterprise vulnerability management programs.
- Experience interpreting application security findings and developing remediation guidance.
- Experience supporting Federal cybersecurity or large enterprise environments.
- Preferred certifications include: GWAPT GWEB CSSLP OSWA or CEH
Duties:
- Perform authenticated and unauthenticated web application vulnerability scans.
- Conduct application security assessments against internally developed and commercial applications.
- Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
- Assess APIs web services and middleware for security vulnerabilities.
- Conduct application configuration reviews and identify security weaknesses.
- Perform recurring vulnerability scans in accordance with Government-defined schedules.
- Analyze application scan results to identify security vulnerabilities and misconfigurations.
- Validate scan findings to eliminate false positives.
- Prioritize vulnerabilities using risk-based methodologies including CVSS scoring and exploitability.
- Correlate application vulnerabilities with infrastructure and network risks.
- Identify critical vulnerabilities requiring immediate remediation.
- Perform root cause analysis for recurring application security issues.
- Collaborate with software development teams to improve application security.
- Provide remediation recommendations aligned with secure coding practices.
- Assist developers with vulnerability mitigation strategies.
- Support integration of security scanning into DevSecOps and CI/CD pipelines.
- Recommend application security improvements throughout the software development lifecycle (SDLC).
- Promote secure-by-design principles across NIH application environments.
Required Experience:
Senior IC
About Company
Our exclusive ATO as a Service⢠software & expert services automate FISMA RMF & FedRAMP compliance.