Vacancy expired!
Job Title: Sr Technical Security Analyst
Location: Dulles, VA / Hybrid
Duration: 12+ Months

Responsibilities:

The Sr Technical Security Analyst position is within Yahoo's IT Security group. The Analyst will work within the Vulnerability & Controls Ops team helping to address security vulnerabilities received through Client Bug-Bounty program. The ideal candidate will have great interest in information security, have hands-on security engineering experience, and be able to come up with creative and unique solutions to security-related problems.

The Analyst will perform technical security activities including the following:

- Assess incoming Bug Bounty submissions and reproduce reports to confirm validity
- Cultivate report metadata to ensure accuracy of metrics reporting
- Collaborate with product teams to review and process external reports
- Provide guidance on effective vulnerability countermeasures
- Test security bug fixes from product teams
- Handle critical bugs after hours or on weekends (very rarely)
- Provide subject matter expertise on encryption, security controls, and secure programming practices across Oath
- Contribute to security policy, standards, and guidelines related to Bug Bounty
- Engage with the community to promote a positive experience for the researchers
- Foster and maintain positive relationships between researchers and Yahoo
- Build relationships between Security and Product teams
- Identify opportunities to improve / add capabilities to the existing BB Program
- Leverage Jira to track project efforts
- Establish credibility as a trusted resource to stakeholders, colleagues, and customers across Yahoo
- Perform vulnerability scan, analysis, validation and remediation activities.
- Perform network and application penetration testing.
- Validate vulnerabilities discovered through code analysis.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of Yahoo environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.
- Work with customers to oversee remediation of identified security issues.
- Perform technical and non-technical compliance activities.
- Perform security validation for configuration settings on different systems.
- Create ad-hoc metric requests and documentation

Minimum Qualifications

- 3 years of experience either in Web application testing, Penetration Testing or Bug-Bounty.
- Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java).
- Fluent in a variety of web application protocols, operating systems and networking technologies.
- Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux, Windows and OSX), patching and attack patterns.
- Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others.
- Understanding of CVSS base score methodology
- Strong analytical, problem solving and engineering skills.
- Good written and verbal communication skills.
- Solid organizational skills and strong customer service skills.
- Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).
- Positive and eager energy; motivated to gain a vast variety of knowledge
- Genuine interest in ethical hacking, penetration testing, or other areas of offensive security as a career path
- Punctual and responsive
- Thoroughness in quality of work
- Able to work in a constantly collaborative environment

Desired Qualifications

- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH)
- Experience with Kali Linux via VirtualBox, BurpSuite, Splunk, Jira, Mac OS, Linux
- History of participating in Bug Bounty programs
- Track record of identifying and successfully submitting Bug-Bounty findings

About IDEXCEL, INC

Idexcel is an IT services organization, with a mission to bring great people and great organizations together. Our diverse client base represents a wide range of industries, including technology, telecom, insurance, healthcare, manufacturing, banking & financial services, food & commodities trading and federal organizations. Our teams of experienced recruiters directly work with client companies seeking exceptional people to help with their business initiatives.

Idexcel, Inc. is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

- ID: #49363662
- State: Virginia (Dulles, 20101, USA)
- City: Dulles
- Salary: Depends on Experience
- Job type: Contract
- Showed: 2023-02-26
- Deadline: 2023-04-25
- Category: Et cetera