NIH – Application Scanning Analyst

Job Description

Company: cFocus Software Incorporated

cFocus Software seeks an Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
• Public Trust Clearance
• B.S. Computer Science, Information Technology, or a related field
• 5+ years of experience performing application security assessments or web application vulnerability scanning.
• Experience conducting authenticated and unauthenticated web application security testing.
• Experience supporting enterprise vulnerability management programs.
• Experience interpreting application security findings and developing remediation guidance.
• Experience supporting Federal cybersecurity or large enterprise environments.
• Preferred certifications include: GWAPT, GWEB, CSSLP, OSWA, or CEH

Duties:
• Perform authenticated and unauthenticated web application vulnerability scans.
• Conduct application security assessments against internally developed and commercial applications.
• Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
• Assess APIs, web services, and middleware for security vulnerabilities.
• Conduct application configuration reviews and identify security weaknesses.
• Perform recurring vulnerability scans in accordance with Government-defined schedules.
• Analyze application scan results to identify security vulnerabilities and misconfigurations.
• Validate scan findings to eliminate false positives.
• Prioritize vulnerabilities using risk-based methodologies, including CVSS scoring and exploitability.
• Correlate application vulnerabilities with infrastructure and network risks.
• Identify critical vulnerabilities requiring immediate remediation.
• Perform root cause analysis for recurring application security issues.
• Collaborate with software development teams to improve application security.
• Provide remediation recommendations aligned with secure coding practices.
• Assist developers with vulnerability mitigation strategies.
• Support integration of security scanning into DevSecOps and CI/CD pipelines.
• Recommend application security improvements throughout the software development lifecycle (SDLC).
• Promote secure-by-design principles across NIH application environments.

Source: LinkedIn