Security Test and Evaluation Analyst

Advance Digital Systems
14 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Tech stack

Microsoft Windows
API
Artificial Intelligence
Amazon Web Services (AWS)
Data analysis
Apple Mac Systems
Azure
Cloud Computing
Code Review
Cross-Site Request Forgery
Database Security
Linux
Networking Hardware
Kali Linux
Network Security
Network Protocols
Fortify (Software)
Web Application Security
SQL Injection
Systems Architecture
Web Applications
Network Routers
Firewalls (Computer Science)
Gitlab
Cross Site Scripting
Tenable Nessus
ServiceNow
Vulnerability Analysis

Job description

· Implement comprehensive security tests that include all phases of the ethical hacking process (e.g., reconnaissance, footprinting, scanning, exploitation, and post-exploitation) and other security assessment activities (e.g., static or dynamic code review, system architecture diagram review, control evaluation) to demonstrate or emulate an adversary's ability to gain unauthorized access to sensitive data and systems that reside in either local (on-premises) or cloud computing solutions.

· Conduct security assessment activities and design approaches to augment with AI enhancements (e.g., static or dynamic code review, system architecture diagram review, control evaluation).

· Implement AI-enabled solutions for security test and evaluation and adapt existing processes to integrate emerging AI capabilities into standard operations.

· Provide key requirements, observations, design suggestions, and artifacts to inform the development of AI technologies that will support the adoption of AI technology to establish a security test and evaluation program.

· Conduct scenario-based and functional security testing during authenticated and unauthenticated testing and identify and deliver solutions that leverage AI for these capabilities.

· Analyze the output of AI models designed to identify and probe vulnerabilities in hardware, software and cloud-resident systems and suggest remediation strategies to reduce risk and close gaps.

· Abide by all governance and standards as defined by the Organization or levied by external entities to remain compliant with all requirements when implementing AI solutions.

· Develop analytic products and reports that demonstrate the effectiveness of AI-enabled security test and evaluation practices to include metrics and technical reports.

Requirements

We are seeking a Security Test and Evaluation Analyst with experience implementing artificial intelligence (AI) for static and dynamic security application testing, control assessments, and ethical hacking activities. The ideal candidate will have deep expertise with traditional security test and evaluation practices, activities, and technologies. The ideal candidate will also have experience working with a variety of AI technologies and models for security test and evaluation. This position will require the development and delivery of AI-enabled security test and evaluation processes, tools, and capabilities., · 5+ years of hands-on security test and evaluation experience that includes use of technologies such as Tenable Nessus, GitLab vulnerability scanning features, Fortify, Invicti, Mandiant MSV, Kali Linux, Wiz, etc.

· 3+ years of hands-on security test and evaluation experience that includes cloud resident technologies in Amazon Web Services, Microsoft Azure, ServiceNow, etc.

· Experience implementing comprehensive security tests to include all phases of the ethical hacking process (e.g., reconnaissance, footprinting, scanning, exploitation, and post-exploitation).

· Hands on experience implementing AI solutions for security test and evaluation.

· Experience analyzing data and software to identify and test security gaps and vulnerabilities for exploitability.

· Experience collaborating with key stakeholders to assess, prioritize, and develop actionable plans to address the discovered gaps.

Preferred Qualifications

· Demonstrated experience leverage AI-enabled capabilities for security test and evaluation activities in a hybrid environment.

· Deep understanding of network protocols, configurations, security technologies, and security practices, including network security, operating system hardening, database security, and web application security for both local (on-premises) and cloud computing solutions.

· Deep understanding of common vulnerabilities and attack vectors, including experience identifying and exploiting vulnerabilities in operating systems (e.g., Windows, Linux, and macOS), network devices (e.g., firewalls, routers, and switches) and web applications and application program interfaces (e.g., SQL injection, cross-site scripting and cross-site request forgery).

· Experience operating in government environments that follow NIST, FISMA, FedRAMP, and OMB guidance.

Apply for this position