Security - Cyber Threat Division (Remote Opportunity)
Look for more than answers.
Patients and Physicians rely on our diagnostic testing,
information and services to help them make better healthcare decisions. These
are often serious decisions with far-reaching consequences, and require
sensitivity, tact and a clear dedication to service. It's about providing
clarity and hope.
As a Security Specialist, you will work for the world
leader in the industry, with a career where you will have the opportunity to
collaborate and affect change while expanding your leadership skills and technical
knowledge. You can make a real impact in a market that is growing and
are looking for a talented and trustworthy application security specialist to cover
all aspects of application security and vulnerability management. The primary
responsibilities include manual secure code review, SAST, DAST, IAST,
penetration testing (web/API/network), threat modeling, design review,
vulnerability scanning, remediation coordination and tracking.
ensure success, you should have advanced knowledge of computer and internet
security systems, high-level hacking skills, and the ability to create clear
and concise reports. Candidates must have the skills necessary to quickly
identify security flaws and provide actionable recommendations on how to
improve the security and protect information systems and data.
-Perform manual secure code review to align with Agile sprints and DevSecOps deployments.
-Review SAST/DAST/IAST output for false positives (GitLab, Contrast). Assist development with remediation.
-Perform penetration testing against products and systems, including mobile devices, servers, web services, web applications, and wireless networks.
vulnerabilities to stakeholders and track remediation progress.
understanding of cloud technologies and environments (AWS, Azure, Google).
and vulnerability management for all aspects of DevSecOps/Cloud, Agile,
well-written, detailed reports that describe vulnerabilities/risks and
that provide specific remediation guidance.
-Identify, research and evaluate current
vulnerabilities, provide remediation and configuration guidance.
Collaborate with stakeholders to develop remediation strategies.
-Serve as an infrastructure and application
security subject matter expert for projects.
-Conduct Threat Modeling exercises to identify
objectives and vulnerabilities, and define countermeasures to prevent, or
mitigate the effects of, threats to the system.
-Effectively communicate vulnerability
details, risks and potential impacts to application/infrastructure
owners, stakeholders, and both onshore and offshore partners.
-Design, implement, and
support security-focused tools and services.
-Assist with internal investigations, incident
response, and other special requests or events.
-Competent to work independently at a high
-In-depth knowledge and understanding of
information risk concepts and principles to ensure relevant business needs
have appropriate corresponding security controls.
-Inherent passion for information security and
-Ability to demonstrate a clear understanding, at
an enterprise level, of application, network, infrastructure, and data
-Excellent analytical skills, able to manage
multiple projects under strict timelines, work well in a demanding dynamic
environment, and meet overall objectives.
-Define and document internal, technical, and
service processes and procedures
-Researching the company's systems, applications, network structure, and possible penetration sites.
-Investigating infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
-IDS/IPS, honeypot, and firewall evasion.
-Conducting penetration tests once new security features have been implemented.
-Stay informed on the latest security threats in all areas (Strategic, Tactical, Operational, and Technical)
BS in Computer Science or equivalent required, MS preferred.
-Minimum 4-7 years
of experience specific to ethical hacking including network, web application,
client-side, wireless, social engineering, dumpster diving, mobile and web service
experience with the implementation and support of an IT Security program
including aspects of threat and vulnerability management, threat intelligence,
incident response, security management, and application security related
products, projects, procedures, and processes.
-GXPN, GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications
-Proven work experience in manual secure code review.
-Advanced knowledge of networking systems and security software.
-In-depth knowledge of password-based, session hijacking, DDoS, sniffing, MITM, cryptography, and application layer attacks.
-Technical knowledge of routers, firewalls, and server systems.
-Good written and verbal communication skills.
-Good troubleshooting skills.
-Ability to see big-picture system flaws.
required in the following areas: manual secure code review, threat modeling,
application security, penetration testing, vulnerability management, and
security consulting for application and/or infrastructure type projects. Experience with industry standard
infrastructure and application assessment tools such as Qualys,
Nessus, Burp, Metasploit, Core Impact, Aspect Contrast, Anomali. Familiarity
with regulatory and industry security frameworks and best practices such as
NIST, OWASP, PCI, SANS. Additionally,
experience in planning, implementing and/or supporting the processes associated
with the use of these methodologies.
Join us for
competitive benefits and development opportunities in a progressive and
supportive environment. Help us improve our service, and the experiences of our
patients and colleagues. Work with us and together we can be better.
career. Seek it out.
requirements are subject to possible modifications to reasonably accommodate
individuals with disabilities. or Citizenship.
Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity.