SonicJobs Logo
Left arrow iconBack to search

NIH - Application Scanning Analyst

cFocus Software Incorporated
Posted 14 days ago, valid for 16 days
Location

Bethesda, MD 20824, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • cFocus Software is looking for an Application Scanning Analyst to support the National Institutes of Health (NIH) in a fully remote role.
  • The position requires a Public Trust clearance and at least 5 years of experience in application security assessments or web application vulnerability scanning.
  • Candidates should have a B.S. in Computer Science, Information Technology, or a related field, along with experience in conducting web application security testing and enterprise vulnerability management.
  • Duties include performing vulnerability scans, conducting security assessments, and collaborating with development teams to enhance application security.
  • The salary for this position is competitive, reflecting the candidate's experience and qualifications.
cFocus Software seeks a Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience performing application security assessments or web application vulnerability scanning.
  • Experience conducting authenticated and unauthenticated web application security testing.
  • Experience supporting enterprise vulnerability management programs.
  • Experience interpreting application security findings and developing remediation guidance.
  • Experience supporting Federal cybersecurity or large enterprise environments.
  • Preferred certifications include: GWAPT, GWEB, CSSLP, OSWA, or CEH

Duties:
  • Perform authenticated and unauthenticated web application vulnerability scans.
  • Conduct application security assessments against internally developed and commercial applications.
  • Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
  • Assess APIs, web services, and middleware for security vulnerabilities.
  • Conduct application configuration reviews and identify security weaknesses.
  • Perform recurring vulnerability scans in accordance with Government-defined schedules.
  • Analyze application scan results to identify security vulnerabilities and misconfigurations.
  • Validate scan findings to eliminate false positives.
  • Prioritize vulnerabilities using risk-based methodologies, including CVSS scoring and exploitability.
  • Correlate application vulnerabilities with infrastructure and network risks.
  • Identify critical vulnerabilities requiring immediate remediation.
  • Perform root cause analysis for recurring application security issues.
  • Collaborate with software development teams to improve application security.
  • Provide remediation recommendations aligned with secure coding practices.
  • Assist developers with vulnerability mitigation strategies.
  • Support integration of security scanning into DevSecOps and CI/CD pipelines.
  • Recommend application security improvements throughout the software development lifecycle (SDLC).
  • Promote secure-by-design principles across NIH application environments.



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.