View Our Website View All Jobs

Web Application Security Analyst (Pentester)

RiskSense is hiring web application security analysts to join a team of highly qualified security researchers and practitioners assembled to provide preventative and responsive security services to critical infrastructure entities identified by the federal, state, local and private entities.

Education

  • B.S. in Computer Science

Skills Required

  • Excellent problem solving and analytical skills
  • Superior oral and technical writing communication skills
  • Independence, self-managed, and motivated
  • Knowledge of the Software Development Lifecycle in an enterprise environment
  • Programming experience in two of the following languages: C#, Java, Python, Ruby

Career Activities

  • Perform security services, including: application penetration testing, source code review, and threat modeling
  • Maintain suitable knowledge of threats, risk assignment, remediation strategies, security tools, testing techniques, and security research
  • Participate in security assessment activities, including client communication, data analysis, report authoring, and findings presentation
  • Assist research teams specializing in application security papers, tool creation and zero day vulnerability discovery

Beneficial Qualifications

  • Software Engineering career experience
  • Following Certifications: CISSP, CEH, GWAPT, GPEN, OSCP
  • Thorough understanding of software vulnerabilities
  • Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
  • Ability to demonstrate understanding of vulnerability remediation
  • Familiarity with malicious code identification and common hacker attack techniques
  • Ability to research and reproduce vulnerability exploitation
  • Understanding of advanced cryptographic concepts.
  • Ability to demonstrate manual testing experience including all of OWASP Top 10.
  • Experience with any of the following commercial application scanning tools such as Acunetix, IBM's AppScan, HP’s WebInspect, NTOSpider, Cenzic's Hailstorm, Burp Suite Professional
  • Understanding of Web Services technologies such as XML, SOAP, and AJAX
  • Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
  • Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
  • Experience in application level attacks, bypassing firewalls, evading intrusion detection
  • Experience building automated tool sets or expanding existing toolset libraries
  • Secure code review experience using automated toolsets
  • Mobile security testing and analyzation
  • Proficiency in Linux system administration

Company Description

Ever wondered what it would feel like working for a cyber security company? Meet RiskSense, Inc. We’re the pioneer and market leader in pro-active cyber risk management solutions that allow enterprises and governments to contextualize internal security intelligence, external threat data feeds, and business criticality to identify imminent cyber risks and prioritize remediation actions. The company’s Software-as-a-Service (SaaS) platform transforms cyber risk management into a pro-active, collaborative, and real-time discipline. As former advisors to the U.S. Department of Defense and U.S. Intelligence Community, RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program.

If you join our team, you will be joining professionals dedicated to helping our clients better defend their networks and the data with which they have been entrusted. RiskSense is a multi-year winner of Technology Ventures Corporation's Flying 40 Award; a 4-year recipient of Albuquerque Business First's Fastest Growing Companies Award, a 4-year recipient of Inc. Magazine's Inc. 5000 award and a 4-year participant in the New Mexico Private 100. Based on the company’s innovation in the cyber risk management space, Gartner recently named RiskSense as one of the leading vendors in their newly published report on Security Operation Analysis and Reporting. We have proven 50% year over year revenue growth while maintaining profitability for the past 5 years.

Workplace

RiskSense recently moved into a brand-new 18,000-square foot office suite in Albuquerque, New Mexico. News outlets described RiskSense's interior design and amenities as the "quintessential 'techie' vibe often found in Silicon Valley offices." These amenities include:

  • Gym, with top-notch equipment for cardio and strength-training with brands such Keiser, WaterRower, and Precor USA.
  • Mechanical desks that save your preferred sitting & standing heights 
  • Separate men & women's locker rooms and showers
  • Occasional group classes from professional yoga & gym instructors
  • Recreation room with bean bag chairs and ping-pong
  • Modern furniture in meeting areas and "huddle rooms"
  • Glass offices, glass conference rooms
  • Open-air desks with glass partitions
  • Lots of windows and natural light
  • Interior decorating with fun, bright colors
  • Large kitchen and break area with restaurant-style booths
  • Complimentary snacks and drinks
  • Conference rooms named after Star Wars planets

Culture

The RiskSense team prides itself on attracting top talent in New Mexico and from around the world. Not only are our founders and executive management team considered thought-leaders in the industry (see the "About" section), but so are our employees—from developers to sales and marketing. An entrepreneurial mindset is encouraged, and our team is constantly researching and developing innovative solutions that contribute to our existing and new technologies.

Our company culture encourages communication and rewards creative, bright minds. Our team is positive, energetic and, above all else, is persistent in solving challenging problems. The dress is casual and the atmosphere is uniquely positive and stimulating. Though we are continuously expanding, the vibe is very "tech startup."

Benefits

In order to recruit and retain our team of top talent, RiskSense continues to grow our world-class benefits package:

  • Awesome benefits – Health, Dental, Vision, Supplemental Training
  • Incentive stock-option plan for qualified employees
  • Referral Bonuses for recommending top talent that is hired
  • Tech amenities, such as computers, multiple monitors and more
  • 120 hours of accrued vacation time

All applicants applying for U.S. job openings must be authorized to work in the United States. Equal Opportunity Employer M/F/Disability/Vet. 

Read More

Apply for this position

Required*
Apply with Indeed
Attach resume as .pdf, .doc, or .docx (limit 2MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*