Skip navigation
Security Analyst - Application Security

Security Analyst - Application Security

Job Description


A Security Analyst on the Application Security team possesses a solid understanding of Application Security principles and has shown the ability to rapidly learn new processes and technologies while taking guidance and mentoring from various resources throughout FishNet.  A Security Analyst will be expected to heavily contribute to client projects while working to advance their various skill sets within the Application Security practice.


  1. Perform Application Security engagements including:
    1. Application Security Assessments (Web and Fat Client)
    2. Mobile Application Security Assessments
    3. Source Code Review
    4. Application Threat Modeling
    5. Secure SDLC Consulting (MS SDL, OpenSAMM, etc.)
    6. Application Security Awareness Training
    7. Application Architecture Review
    8. Web Application Scanning
    9. Database Security Review
  2. Assess application security posture through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities
  3. Interface with client personnel to gather information, clarify scope and investigate security controls
  4. Use creative approaches to identify vulnerabilities that are commonly missed in automated assessments
  5. Exploit vulnerabilities and evaluate risk exposure. Identify and communicate remediation guidance to clients based on industry best practices
  6. Execute opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments
  7. Create comprehensive assessment reports that clearly identify root cause and remediation strategies
  8. Execute projects using FishNet Security’s established methodology, tools, and documentation
  9. Report to FishNet Security management and Project Managers and provide weekly status reports
  10. Collaborate with other team members and practices to complete client projects and practice      contributions
  11. Maintain industry credentials/certifications
  12. Participate in industry conferences including delivering presentations and actively contributing to 6Labs (the FNS Thought Leadership forum)
  13. Provide support in the ongoing development of Application Security offerings through tool creation and process improvement
  14. Perform other duties as assigned

Job Requirements


  • High School diploma or GED required.
  • Bachelor’s Degree from a four-year college or university in Information Assurance, Computer Science, Management Information Systems or related area of study; or two or more years related experience and/or training; or equivalent combination of education and experience preferred.
  • Minimum 1 year of Application Security experience through employment, community      involvement, academic or self-study required.

  • Self-motivated and able to take on large and complex projects
  • Effective time management, able to balance multiple projects in parallel
  • Strong attention to detail

  • Creative, problem solving skills

Application Security:

  • Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities.
  • Comprehensive understanding of common Application Security Vulnerabilities (OWASP Top 10 / SANS Top 25 CWEs)

  • Ability to effectively leverage commercial and open source security tools required (e.g. AppScan Source and Standard, Web Inspect, Burp, RAFT, Hailstorm, Fortify, etc.).

  • Ability to combine multiple separate findings to identify complex blended vulnerabilities.

  • Ability to convey remediation guidance in accordance with industry best practices.

  • Knowledge of programming and development.


  • Focus on client satisfaction.
  • Excellent communication skills are a necessity.  The candidate MUST be able to effectively communicate both verbally and in writing
  • Must be able to work well with customers and self-manage through difficult situations.
  • Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
  • Ability to work both independently as well as on teams.
Team/Industry Contributions:

  • Motivation to constantly improve processes and methodologies.
  • Passion for creating tools and automation to make common tasks more efficient.
  • Knowledge of programming and scripting for development of security tools.
  • Ability to collaborate and share knowledge with team members.
  • Ability to deliver presentations at industry conferences.
  • Blog post writing skills.
Physical Requirements:

  • Ability to travel anywhere domestically /internationally by air, train, taxi, car or bus.

  • Minimum 3 years of Application Development or Information Security experience preferred.
  • Industry  certifications preferred (OSCP, OSCE, OSWE, GWAPT, GXPN, GPEN, GWEB, GSEC,      GMOB, SISE, etc.).
  • Active participation and/or contributions to the security community strongly preferred, including:
    • Experience presenting at industry conferences such as (DEFCON, BlackHat, ShmooCon, DerbyCon, OWASP Events)
    • Published articles
    • Vulnerability Disclosures
    • Interaction with security community in meet-ups and online community
  • Demonstrated ability to innovate attack methods and tools preferred.
  • Demonstrated ability to identify previously unknown vulnerabilities through published CVEs preferred.
Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.
We are an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other protected characteristics. 

Job Snapshot

Employment Type Full-Time
Job Type Engineering, Information Technology, Design, Professional Services
Education 4 Year Degree
Experience At least 3 year(s)
Manages Others Not Specified
Industry Other Great Industries
Required Travel Not Specified
Job ID 2013-2168
CareerBuilder Tip:
For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using you are agreeing to comply with and be subject to the Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.

Security Analyst - Application Security

Enter notes about this job: