IT Security Auditor - Hybrid

Job Description:

As an IT Security Auditor, you will be designing and building secure platforms and applications through Dynamic, Static, and Software Composition Analysis assessments.

Required Skills, Experiences, Education, and Competencies:

• Minimum of 5 years of total IT-related experience.
• 3 years implementing/utilizing Federal, Industry, and Open-Source Security Guidance and Secure Coding Practices (e.g., OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode).
• 3 years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks.
• 3 years with networking, infrastructure, secure application development, and security automation (DevSecOps).
• 3 years of hands-on experience building and deploying secure complex distributed web and mobile applications.
• Experience with Chrome/Firefox/Edge Development tools to analyze request/response headers.
• Proficient with Application Security scanning tools (SAST, DAST, SCA, ASOC, Container/Cloud).
• Familiarity with Coverity, BlackDuck, STRM, Fortify is a plus.
• Deep understanding of HTTP Request/Response headers for web and Restful API calls.
• Expertise in explaining OWASP top 10 vulnerabilities (e.g., Cross-Site Scripting, Injection attacks, SSRF, CSRF, XML entity).
• API Security, JWT, OAUTH/OIDC/PKCE, Web, API replay attacks.
• High-level understanding of containers.
• Cloud development experience (Azure, AWS, GCP).
  
  

The hourly range for roles of this nature are $40.00 to $80.00/hr. Rates are heavily dependent on skills, experience, location, and industry.

cyberThink is an Equal Opportunity Employer.