NIH Application Scanning Analyst


Job Location:

Bethesda, MD - USA

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science Information Technology or a related field
  • 5 years of experience performing application security assessments or web application vulnerability scanning.
  • Experience conducting authenticated and unauthenticated web application security testing.
  • Experience supporting enterprise vulnerability management programs.
  • Experience interpreting application security findings and developing remediation guidance.
  • Experience supporting Federal cybersecurity or large enterprise environments.
  • Preferred certifications include: GWAPT GWEB CSSLP OSWA or CEH

Duties:
  • Perform authenticated and unauthenticated web application vulnerability scans.
  • Conduct application security assessments against internally developed and commercial applications.
  • Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
  • Assess APIs web services and middleware for security vulnerabilities.
  • Conduct application configuration reviews and identify security weaknesses.
  • Perform recurring vulnerability scans in accordance with Government-defined schedules.
  • Analyze application scan results to identify security vulnerabilities and misconfigurations.
  • Validate scan findings to eliminate false positives.
  • Prioritize vulnerabilities using risk-based methodologies including CVSS scoring and exploitability.
  • Correlate application vulnerabilities with infrastructure and network risks.
  • Identify critical vulnerabilities requiring immediate remediation.
  • Perform root cause analysis for recurring application security issues.
  • Collaborate with software development teams to improve application security.
  • Provide remediation recommendations aligned with secure coding practices.
  • Assist developers with vulnerability mitigation strategies.
  • Support integration of security scanning into DevSecOps and CI/CD pipelines.
  • Recommend application security improvements throughout the software development lifecycle (SDLC).
  • Promote secure-by-design principles across NIH application environments.

Required Experience:

Senior IC

cFocus Software seeks a Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.Qualifications:Public Trust ClearanceB.S. Computer Scien...

About Company

Company Logo

Our exclusive ATO as a Serviceā„¢ software & expert services automate FISMA RMF & FedRAMP compliance.

View Profile View Profile