Lead - IT Security Specialist (REMOTE OPPORTUNITY) Job in Atwater, Ohio US

Lead - IT Security Specialist (REMOTE OPPORTUNITY)

QUEST DIAGNOSTICS - Atwater, OH

Posted: 3/30/2021 - Expires: 6/28/2021

Job ID: 225770823

Job Description

Lead Application Security - Cyber Threat Division (Remote Opportunity)

Look for more than answers.

Patients and Physicians rely on our diagnostic testing,
information and services to help them make better healthcare decisions. These
are often serious decisions with far-reaching consequences, and require
sensitivity, tact and a clear dedication to service. It's about providing
clarity and hope.

As a Security Specialist, you will work for the world
leader in the industry, with a career where you will have the opportunity to
collaborate and affect change while expanding your leadership skills and technical
knowledge. You can make a real impact in a market that is growing and
developing.

We are looking for a talented and trustworthy application security specialist to cover
all aspects of application security and vulnerability management. The primary
responsibilities include manual secure code review, SAST, DAST, IAST,
penetration testing (web/API/network), threat modeling, design review,
vulnerability scanning, remediation coordination and tracking.

To ensure success, you should have advanced knowledge of computer and internet
security systems, high-level hacking skills, and the ability to create clear
and concise reports. Candidates must have the skills necessary to quickly
identify security flaws and provide actionable recommendations on how to
improve the security and protect information systems and data.

Responsibilities:

-Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
-Review SAST/DAST/IAST output for false positives (Gitlab, Contrast). Assist development with remediation.
-Perform penetration testing against products and systems, including mobile devices, servers, web services, and web applications, wireless networks.
-Report vulnerabilities to stakeholders and track remediation progress.
-Thorough understanding of cloud technologies and environments (AWS, Azure, Google).
-AppSec and vulnerability management for all aspects of DevSecOps/Cloud, Agile, CI/CD pipelines.
-Produce well-written, detailed reports that describe vulnerabilities/risks and that provide specific remediation guidance.
-Identify, research and evaluate current vulnerabilities, provide remediation and configuration guidance. Collaborate with stakeholders to develop remediation strategies.
-Serve as an infrastructure and application security subject matter expert for projects.
-Conduct Threat Modeling exercises to identify objectives and vulnerabilities, and define countermeasures to prevent, or mitigate the effects of, threats to the system.
-Effectively communicate vulnerability details, risks and potential impacts to application/infrastructure owners, stakeholders, and both onshore and offshore partners.
-Design, implement, and support security-focused tools and services.
-Assist with internal investigations, incident response, and other special requests or events.
-Competent to work independently at a high technical level.
-In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
-Inherent passion for information security and service excellence.
-Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
-Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
-Define and document internal, technical, and service processes and procedures.
-Researching the company's systems, applications, network structure, and possible penetration sites.
-Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
-IDS/IPS, honeypot, and firewall evasion.
-Conducting penetration tests once new security features have been implemented.
-Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical)

Education:

BS in Computer Science or equivalent required, MS preferred.

Requirements:

-Minimum 4-7 years of experience specific to ethical hacking including network, web application, client side, wireless, social engineering, dumpster diving, mobile and web service testing.
-3-5 years experience with the implementation and support of an IT Security program including aspects of threat and vulnerability management, threat intelligence, incident response, security management, and application security related products, projects, procedures, and processes.

-GXPN, GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications
-Proven work experience in manual secure code review.
-Advanced knowledge of networking systems and security software.
-In-depth knowledge of password based, session hijacking, DDOS, sniffing, MITM, cryptography, and application layer attacks.
-Technical knowledge of routers, firewalls, and server systems.
-Good written and verbal communication skills.
-Good troubleshooting skills.
-Ability to see big-picture system flaws.

Other:

Experience is required in the following areas: manual secure code review, threat modeling,
application security, penetration testing, vulnerability management, and
security consulting for application and/or infrastructure type projects. Experience with industry standard
infrastructure and application assessment tools such as, for example, Qualys,
Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Anomali. Familiarity
with regulatory and industry security frameworks and best practices such as
NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or
supporting the processes associated with the use of these methodologies.

Apply Today

Join us for competitive benefits and development opportunities in a progressive and
supportive environment. Help us improve our service, and the experiences of our
patients and colleagues. Work with us and together we can be better.

Your Quest career. Seek it out.

All
requirements are subject to possible modifications to reasonably accommodate
individuals with disabilities.  or Citizenship.

Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans /  Disabled / Sexual Orientation / Gender Identity.

Job Summary

Employment Type: Full Time Employee
Job type: Federal Contractor
Skill Based Partner: No
Education Level: No school grade completed
Work Days: Mon, Tue, Wed, Thu, Fri
Job Reference Code: 52182695_3
Salary: N/A
Licenses / Certifications: N/A
Recommended WorkKeys®: N/A