Jobs at Central Business Solutions, Inc

DevOps Security Tester

Washington, DC
Job Title: DevOps Security Tester
Location: Washington, DC


Application Security Tester III

Position Overview:
For this position, we are looking for an analyst with experience in DevSecOps. The goal of the engagement is to integrate and implement security testing activities in a DevOps methodology using scripting languages, and to integrate them with CI/CD pipelines and servers. We are seeking candidates with the following additional specific experience/knowledge:

  • Demonstrated hands-on experience with automating security testing activities in DevOps methodology, using scripting languages (e.g. PowerShell, Python), using application life cycle management products (e.g. MS TFS, Azure DevOps) and common automation and orchestration tools (e.g. Chef, Jenkins).
  • Experience with AWS, Azure, and ADAL SDKs for Python, and Selenium scripting is an added plus.
  • Understanding of cloud technology (e.g. AWS, MS Azure, MS Office 365, Adobe Cloud, ServiceNow) is an added plus.

Essential Job Functions:
  • Review the security architecture evaluation of new systems and create risk-based test plans around existing and planned controls and recommendations.
  • Perform security analysis of the different layers of the systems (application, operating systems, and database layers) by performing source code review, manual testing, and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners.
  • Perform application security testing on both native and web-based mobile applications on different mobile platforms (iOS and Android).
  • Configure, troubleshoot, and perform web and database post-production scans.
  • Analyze the results of security testing following a risk-based approach and work with DBAs, network operations, and application development teams by recommending and monitoring remediation activities.
  • Maintain detailed documentation of test procedures and findings in the ITSSR ticketing system.
  • Develop and maintain ITSSR security testing procedures for the different layers of web, mobile, and enterprise application systems to incorporate new testing methodologies and improve the process.
  • Maintain vulnerability scanning tools (i.e. Cenzic Hailstorm) to ensure they are up to date and running properly.
  • Assist in identifying and maintaining licenses for security manual testing tools and mobile security testing tools.
  • Stay abreast of newer trends in tools and technologies used for web and mobile application security.

Educational Qualifications and Experience:
  • Education: Bachelor's degree, preferably in Computer Science, Information Management, or Information Systems.
  • Role Specific Experience: 2+ years of relevant experience in information security and application security.
  • Hands-on experience with running web application testing tools (e.g., Cenzic Hailstorm, Client Web Inspect, IBM AppScan), performing manual testing and source code review, validating test results, analyzing vulnerabilities and helping develop platform-specific remediation plans.

Certification Requirements:
  • Recognized industry certifications (e.g. Certified Information Systems Security Professional CISSP, Certified Ethical Hacker CEH, SANS GWEB or GWAPT) are a plus.

Required Skills/Abilities:
  • Good knowledge of common website vulnerabilities (such as SQL injection, cross-site scripting, remote/local file inclusion, etc.) and common website exploit techniques (such as character encoding, privilege escalation, directory traversal, etc.).
  • Good understanding of web application technologies (e.g. Java, .NET, Drupal), database management systems (Oracle, MS SQL, etc.), operating systems (e.g. Windows, UNIX) and operation/configuration of common web servers (e.g. IIS, Apache).

Desired Skills/Abilities (not required but a plus):
  • Knowledge of Web Application Firewall (WAF) operation.
  • Experience with security vulnerability evaluation of ERP solutions (e.g., SAP and PeopleSoft), COTS solutions and application middleware (Documentum, SharePoint, etc.).
  • Understanding of mobile application security testing on different mobile platforms (iOS and Android).
  • Previous software development experience (using .NET or Java).

Experience Matrix for Levels:
  • Level III - 7+ years of experience.

Central Business Solutions, Inc,
37600 Central Ct.
Suite #214
Newark, CA 94560.
Central Business Solutions, Inc (A Certified Minority Owned Organization)
Phone: (833)247-8800 Fax: (510)-740-3677