Application Security Analyst - Remote opportunity

Company: NowSecure
Location: San Francisco
Posted on: November 22, 2021

Job Description:

Application Security Analyst

Come join NowSecure on our mission to save the world from unsafe mobile apps!

As a cyber security innovator, we are the leader in Mobile Application Security Testing. We literally wrote the book on mobile app forensics and testing. NowSecure offers a platform that protects users, devices, apps and enterprises. We are proud to have 100+ customers that include some of the largest banks and corporations across industries such as finance, defense and healthcare.

We were founded with a mobile-only focus and a strong DNA in forensics and enterprise security. Currently, we have authored five technical books on mobile security for Android and iOS with multiple patents pending. Our engineers and researchers believe in creating conversations and supporting the community, so we build and share open source tools.

NowSecure is actively seeking both entry level and expert applicants to work as an Application Security Analyst, located near our Tysons, VA office or remotely anywhere in the United States. This role will be involved in testing applications for our exciting, high-profile security projects that focus on the security of mobile apps and collaborating with our expert global team of mobile security researchers!

This dynamic role will be responsible for performing vulnerability assessments of mobile applications using best-of-breed tools and techniques, conducting research on various security and privacy topics as they apply to mobile, working with our customers to remediate security issues, and much more! The ideal candidate is highly energetic and interested in working in a company with many responsibilities and opportunities to learn. In addition, this person must be willing to work flexible hours and participate in occasional client meetings. This is a technical position that presents significant opportunity to do research, present at conferences, and pursue career advancement.

The role:

• Identify opportunities for research projects involving mobile application communications.
• Utilize hacking and pen testing techniques to target mobile apps, web services, and associated IoT components.
• Perform dynamic scans and API security analysis on endpoints in mobile application architecture.
• Examine transmitted and stored data for personally identifiable information (PII) and/or mobile application artifacts.
• Create technically sound and actionable reports for customers.
• Convey technical topics to a variety of audiences including developers and security teams.
• Develop automation or tooling to aid in the inspection of network traffic logs from application testing sessions to identify anomalous or suspicious activity initiated by mobile applications.
• Work in an agile and expedited project structure.
• Demonstrate a resourceful and creative approach to solving technical and procedural problems.
  
  Requirements
  
  • Experience conducting application or network security assessments, security research, reverse engineering, or mobile development.
  • Experience conducting network traffic captures / packet captures (PCAP) including familiarity with proxies such as OWASP ZAP, mitmproxy, Charles, Fiddler, Burp Suite, etc.
  • Workable knowledge of command line interfaces or scripting tools.
  • Solid understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.
  • Self-starter with the ability to work independently, interface with multiple teams, and willingness to overcome challenging problems while identifying opportunities for improvement.
  • Ability to multi-task and context switch to work on multiple project requests in parallel.
  • Must demonstrate a strong fundamental understanding of security.
  • Attention to detail is a must.
  • Bachelor's degree in computer science, cyber security or related fields; or Bachelor's degree in an unrelated field plus 2 years work experience in a cyber security position.
  • Fluency in written and spoken English.
  • High integrity, no criminal history or drug use.
    
    Desired Skills
    
    • Previous professional services or consulting experience.
    • Previous research or analytics experience.
    • Experience conducting security assessments on IoT platforms.
    • Familiar with iOS or Android operating systems.
    • Ability to script or develop as needed to scale automatable tasks.
      
      Bonus Points
      
      • Experience rooting or jailbreaking mobile devices.
      • Experience with LTE and GSM protocols.
      • Experience developing in Node.js, python, ruby, etc.
      • Working knowledge of Frida or Radare2.
      • Past experience with NowSecure tools.
      • Active security certifications, including: CISSP, OSCP, CHFI, CEH, GPEN, GWAPT
        
        What we offer:
        
        • Competitive Salary and incentive pay
        • Equity
        • Comprehensive Medical/Dental/Vision coverage
        • Flexible spending accounts for Medical, Childcare and Transportation
        • Company paid STD, LTD and Life
        • 401K Plan with Company Match
        • Unlimited PTO
          
          Do you want to love where you work?
          
          Amazing Tech: NowSecure delivers the most advanced mobile app security testing technology on the planet designed by the world's most advanced security researchers and top engineering talent.
          
          Top Customers: The world's most skilled and demanding security teams depend on NowSecure.
          
          Great Team: Smart, driven people powered by craftsmanship, leadership and teamwork at the core.
          
          Get Things Done: At NowSecure, we move fast and with purpose to ensure our customers are always protected on mobile.
          
          Department: Services
          
          Location: Remote
          
          FLSA Class: Exempt
          
          Supervisor: Director, Application Security
          
          Supervision Exercised: None
          
          Travel Requirements: 10-20% for normal business needs
          
          Environmental Conditions
          
          Work Environment - Normal office environment and/or home office workspace. Generally similar environment when visiting Company's customer offices.
          
          Strength Guidelines - Employee will be expected to lift, move and carry 10-15 lbs in the normal scope of work.
          
          Motion Parameters - Employee will be expected to sit for long periods of time with the option to stand or walk (stretch). Employee may need to bend or squat when picking up items from the floor. Employee must have ability to type on a computer keyboard.
          
          Vision and Hearing Requirements - Employee must be able to see a computer screen, read internal and external reports and summaries. There is a normal amount of background noise in the office environment. Employee must be able to see and hear video conferencing tools.
          
          Emotional Demands - Employee must be able to understand, react and respond to quick decisions, must be able to read and write with a high level of grammar skill including the ability to read, understand and interpret technical information and data. On occasion, employee may have to speak publicly in company meetings and/or company led presentations, training and seminars.
          
          Information Security Responsibilities
          
          • Employee must follow all applicable policies in the Information Security Handbook, Master Information Security Policy and sub-policies, standards and procedures which are generally available to employee.
          • Employee must maintain security of login credentials and information assets, and follow Data Classification policy regarding labelling and handling of Company data.
          • Employee must report any security incidents pursuant to the Incident Response policy
          • Employee must support information risk assessments, internal and external information security audit functions
          • Employee must complete security training during on-boarding process as well as annually when arranged by the Company; and, maintain any certifications as required
            
            Powered by JazzHR
            
            ircMJVSVhS

Keywords: NowSecure, San Francisco , Application Security Analyst - Remote opportunity, Accounting, Auditing , San Francisco, California