Threat and Vulnerability Management – Application Scanner SME

09 Oct 2016
02 Nov 2016
Contract Type
Full Time
This role has the responsibility to establish, implement and maintain scanning and securing all ABB applications. He or she will ensure services are delivered in accordance with agreed business requirements and provide the Service Manager with an overview of ABB's risk exposure from internal and external applications. He or she will interacts with other security departments with regards to assessing the risk deriving from the findings.

Work with Service Manager to establish and maintain the vision & process framework for managing AS service:
• Provide business and application owners with clear information about current situation regarding the application security, in an automated and rapid way;
• Validate all findings in scope from security scans;
• Create reports for application owners utilizing ABB AS reporting tools;
• Participate in discussions with application owners or designated technical contacts to analyze and explain results of the assessments as well as determine remediation steps/time needed;
• Contribute to the ongoing enhancement of the company's vulnerability assessment capabilities;
• Work with analysts to collect information from scans run by them;
• Report the security status in terms of the services to the SM so that he/she can report to relevant bodies, especially InfoSec Management, InfoSec Strategy, Governance and Policies, Business Engagement, and Risk Assessors;
• Reviews exception and manages escalation of unaccepted deviations. Works with service providers and InfoSec Risk Management in cases of different assessments of risk;
• On-boarding of new applications, systems, service providers etc. Integration of new service providers into the Security Configuration Management processes and activities.

- Bachelor's Degree or equivalent level with IT focus or equivalent practical experience;
- Requires 4 years of experience in Information Security;
- Requires 1-3 years of experience with applications scanning or penetration testing;
- Ability to work with a team to work together towards a common goal and to achieve co-operation within the team;
- In-depth experience performing web application vulnerability assessment and penetration testing services;
- In-depth experience with web application vulnerability scanning tools (Burp Pro, Acunetix, TrustWave App Scan, open source web app tools, etc);
- Industry certifications preferred (e.g. GPEN, GWAPT, OSCP, OSWE, eWPTX, etc.);
- Good understanding of web application vulnerabilities including but not limited to consequences and remediation needed;
- A clear understanding of the fundamentals of web applications and their architecture and a thorough comprehension of the HTTP/HTTPS protocols;
- Advanced comprehension of the methods and components used during a web app penetration tests;
- Advanced comprehension of session tracking and SSL/TLS use in modern web communications;
- Good communication skills to interact with application owners;
- Excellent English language skills (spoken and written).
Knowledge of security auditing and vulnerability assessment techniques & methodologies.