NIH - Application Scanning Analyst
cFocus Software Incorporated · Bethesda, MD · 1 wk ago
RemoteRemoteEducationFull-time
Qualifications
- Public Trust Clearance
- B.S. in Computer Science, Information Technology, or a related field
- 5+ years of experience performing application security assessments or web application vulnerability scanning
- Experience conducting authenticated and unauthenticated web application security testing
- Experience supporting enterprise vulnerability management programs
- Experience interpreting application security findings and developing remediation guidance
- Experience supporting Federal cybersecurity or large enterprise environments
- PREFERRED: GWAPT, GWEB, CSSLP, OSWA, or CEH certifications
Duties
- Perform authenticated and unauthenticated web application vulnerability scans
- Conduct application security assessments against internally developed and commercial applications
- Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities
- Assess APIs, web services, and middleware for security vulnerabilities
- Conduct application configuration reviews and identify security weaknesses
- Perform recurring vulnerability scans in accordance with Government-defined schedules
- Analyze application scan results to identify security vulnerabilities and misconfigurations
- Validate scan findings to eliminate false positives
- Prioritize vulnerabilities using risk-based methodologies, including CVSS scoring and exploitability
- Correlate application vulnerabilities with infrastructure and network risks
- Identify critical vulnerabilities requiring immediate remediation
- Perform root cause analysis for recurring application security issues
- Collaborate with software development teams to improve application security
- Provide remediation recommendations aligned with secure coding practices
- Aid developers with vulnerability mitigation strategies
- Support integration of security scanning into DevSecOps and CI/CD pipelines
- Recommend application security improvements throughout the software development lifecycle (SDLC)
- Promote secure-by-design principles across NIH application environments