Review vulnerabilities, reproduce issues, and coordinate remediation with application development teams
Analyze security aspects focusing on TLS 1.2, XSS, cookies and XML handling
Utilize Burp Suite for security testing and respond to periodic tool-based security reports (FOD)
Ensure alignment with OWASP Top 10 and MARS-E 2.0 health insurance standards and participate in security engineering initiatives
Job description
Visa status: U.S. Citizens and those authorized to work in the U.S. are encouraged to apply.
Tax Terms: W2, 1099
Corp-Corp or 3rd Parties: Yes
Position title: Application Security Eng / Developer. Remote – can work anywhere in the USA. 6+ months. Insurance client.
Job Description:
The customer is an online insurance marketplace for state-sponsored health insurance in the US.
They follow the OWASP Top 10 and the MARS-E 2.0 health insurance compliance standard. The security engineering initiative has more visibility now, since state health insurance users brought it up at a user conference. They receive periodic tool-based reports (using FOD) and are following a process to have dev engineers look into them.
The candidate has to be a solid security engineering developer. Expectations are as follows.
We need someone who can go to technical depth. For example, some questions will be around TLS 1.2, misusing XML to delete a file, protecting cookies, technical depth in XSS, etc.
He/she will have to review the vulnerabilities, reproduce the issue, collaborate with the application dev team and, if required, remediate the issue.
Experience in Burp Suite is desirable.
Desirable if the candidate has a Certified Ethical Hacker (CEH) Certification.