Lead Application Security (REMOTE OPPORTUNITY) in Mason, OH at Quest Diagnostics

Date Posted: 9/3/2021

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    4690 Parkway Drive
    Mason, OH
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    9/3/2021
  • Job ID:
    req61980

Job Description

Lead Application Security – Cyber Threat Division (Remote Opportunity)

Look for more than answers.

Patients and Physicians rely on our diagnostic testing, information and services to help them make better healthcare decisions. These are often serious decisions with far-reaching consequences, and require sensitivity, tact and a clear dedication to service. It’s about providing clarity and hope.

As a Security Specialist, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.

We are looking for a talented and trustworthy application security specialist to cover all aspects of application security and vulnerability management. The primary responsibilities include manual secure code review, SAST, DAST, IAST, penetration testing (web/API/network), threat modeling, design review, vulnerability scanning, and remediation coordination and tracking.
To ensure success, you should have advanced knowledge of computer and internet security systems, high-level hacking skills, and the ability to create clear and concise reports. Candidates must have the skills necessary to quickly identify security flaws and provide actionable recommendations on how to improve the security and protect information systems and data.

Responsibilities:

-Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
-Review SAST/DAST/IAST output for false positives (Gitlab, Contrast). Assist development with remediation.
-Perform penetration testing against products and systems, including mobile devices, servers, web services, web applications, and wireless networks.
-Report vulnerabilities to stakeholders and track remediation progress.
-Thorough understanding of cloud technologies and environments (AWS, Azure, Google).
-AppSec and vulnerability management for all aspects of DevSecOps/Cloud, Agile, CI/CD pipelines.
-Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
-Identify, research and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
-Serve as an infrastructure and application security subject matter expert for projects.
-Conduct Threat Modeling exercises to identify objectives and vulnerabilities, and define countermeasures to prevent, or mitigate the effects of, threats to the system.
-Effectively communicate vulnerability details, risks and potential impacts to application/infrastructure owners, stakeholders, and both onshore and offshore partners.
-Design, implement, and support security-focused tools and services.
-Assist with internal investigations, incident response, and other special requests or events.
-Competent to work independently at a high technical level.
-In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
-Inherent passion for information security and service excellence.
-Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
-Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
-Define and document internal, technical, and service processes and procedures.
-Researching the company's systems, applications, network structure, and possible penetration sites.
-Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
-IDS/IPS, honeypot, and firewall evasion.
-Conducting penetration tests once new security features have been implemented.
-Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical).

Education:

BS in Computer Science or equivalent required, MS preferred.

Requirements:

-Minimum 4-7 years of experience specific to ethical hacking including network, web application, client side, wireless, social engineering, dumpster diving, mobile and web service testing.

-3-5 years' experience with the implementation and support of an IT Security program including aspects of threat and vulnerability management, threat intelligence, incident response, security management, and application security related products, projects, procedures, and processes.

-GXPN, GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications
-Proven work experience in manual secure code review.
-Advanced knowledge of networking systems and security software.
-In-depth knowledge of password-based, session hijacking, DDoS, sniffing, MITM, cryptography, and application layer attacks.
-Technical knowledge of routers, firewalls, and server systems.
-Good written and verbal communication skills.
-Good troubleshooting skills.
-Ability to see big-picture system flaws.

Other:

Experience is required in the following areas: manual secure code review, threat modeling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects. Experience with industry standard infrastructure and application assessment tools such as Qualys, Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Anomali. Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies.

Apply Today

Join us for competitive benefits and development opportunities in a progressive and supportive environment. Help us improve our service, and the experiences of our patients and colleagues. Work with us and together we can be better.

Your Quest career. Seek it out.

All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship.