Overview
The Extended Term Temporary will be responsible for evaluating information security controls in web, cloud, AI, mobile, and complex business applications, and providing technical and architectural information security solutions.
Key Responsibilities
- Review security architecture evaluation of WBG new systems and create security test plans.
- Perform security analysis of system layers (application, API, operating systems, database) through source code review, manual testing, and vulnerability scans.
- Perform manual vulnerability assessment and produce reports.
- Perform security testing for cloud-based solutions and M365 platform applications.
- Perform Gray-Box/White-Box security testing of applications, SAST, and SCA analysis.
- Perform application security testing on native and web-based mobile applications.
- Review testing results and work with development teams to remediate issues.
- Maintain documentation of test procedures and findings.
- Perform AI Security testing and AI security controls Assessment.
- Understand the Agile framework and its application in security testing.
- Stay abreast of newer trends and technologies such as AI and application security testing tools.
Required Experience
- Minimum of 2 years of relevant experience.
- Proven level of understanding of the security architecture and security requirements of enterprise applications and platforms.
- Hands-on experience in preparing risk-based test plans and performing security testing on different layers of information systems.
- In-depth knowledge of common security vulnerabilities of OWASP Top 10 for web, API, mobile, LLMs and common exploit techniques.
- Demonstrated hands-on experience with web application security manual testing, source code review, identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and validating test results, analyzing vulnerabilities, and helping develop platform specific remediation plans.
- Understanding of cloud technology (e.g., AWS, MS Azure, MS Office 365, MS Power Apps), web application technologies (e.g., Java, .NET, Drupal) and operation/configuration of common web servers (e.g., IIS, Apache) is an added plus.
- Experience with mobile application security testing on different mobile platforms (iOS and Android) is an added plus.
Qualifications
Associate's degree or a recognized certificate.
