NIH - Application Scanning Analyst
Remote
Full Time
NIH - ISPSS
Experienced
cFocus Software seeks an Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of experience performing application security assessments or web application vulnerability scanning.
- Experience conducting authenticated and unauthenticated web application security testing.
- Experience supporting enterprise vulnerability management programs.
- Experience interpreting application security findings and developing remediation guidance.
- Experience supporting Federal cybersecurity or large enterprise environments.
- Preferred certifications include: GWAPT, GWEB, CSSLP, OSWA, or CEH
Duties:
- Perform authenticated and unauthenticated web application vulnerability scans.
- Conduct application security assessments against internally developed and commercial applications.
- Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
- Assess APIs, web services, and middleware for security vulnerabilities.
- Conduct application configuration reviews and identify security weaknesses.
- Perform recurring vulnerability scans in accordance with Government-defined schedules.
- Analyze application scan results to identify security vulnerabilities and misconfigurations.
- Validate scan findings to eliminate false positives.
- Prioritize vulnerabilities using risk-based methodologies, including CVSS scoring and exploitability.
- Correlate application vulnerabilities with infrastructure and network risks.
- Identify critical vulnerabilities requiring immediate remediation.
- Perform root cause analysis for recurring application security issues.
- Collaborate with software development teams to improve application security.
- Provide remediation recommendations aligned with secure coding practices.
- Assist developers with vulnerability mitigation strategies.
- Support integration of security scanning into DevSecOps and CI/CD pipelines.
- Recommend application security improvements throughout the software development lifecycle (SDLC).
- Promote secure-by-design principles across NIH application environments.