NIH - Application Scanning Analyst

Posted Yesterday
Be an Early Applicant
Bethesda, MD, USA
In-Office
Senior level
Software
The Role
Perform authenticated and unauthenticated web application vulnerability scans and application security assessments (DAST/SAST). Analyze and validate scan results, prioritize and correlate vulnerabilities using CVSS and risk methodologies, provide remediation guidance, support integration of scanning into DevSecOps/CI/CD, and collaborate with development teams to promote secure-by-design practices across NIH applications.
Summary Generated by Built In
cFocus Software seeks an Application Scanning Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience performing application security assessments or web application vulnerability scanning.
  • Experience conducting authenticated and unauthenticated web application security testing.
  • Experience supporting enterprise vulnerability management programs.
  • Experience interpreting application security findings and developing remediation guidance.
  • Experience supporting Federal cybersecurity or large enterprise environments.
  • Preferred certifications include: GWAPT, GWEB, CSSLP, OSWA, or CEH

Duties:
  • Perform authenticated and unauthenticated web application vulnerability scans.
  • Conduct application security assessments against internally developed and commercial applications.
  • Perform Dynamic Application Security Testing (DAST) and support Static Application Security Testing (SAST) activities.
  • Assess APIs, web services, and middleware for security vulnerabilities.
  • Conduct application configuration reviews and identify security weaknesses.
  • Perform recurring vulnerability scans in accordance with Government-defined schedules.
  • Analyze application scan results to identify security vulnerabilities and misconfigurations.
  • Validate scan findings to eliminate false positives.
  • Prioritize vulnerabilities using risk-based methodologies, including CVSS scoring and exploitability.
  • Correlate application vulnerabilities with infrastructure and network risks.
  • Identify critical vulnerabilities requiring immediate remediation.
  • Perform root cause analysis for recurring application security issues.
  • Collaborate with software development teams to improve application security.
  • Provide remediation recommendations aligned with secure coding practices.
  • Assist developers with vulnerability mitigation strategies.
  • Support integration of security scanning into DevSecOps and CI/CD pipelines.
  • Recommend application security improvements throughout the software development lifecycle (SDLC).
  • Promote secure-by-design principles across NIH application environments.

Skills Required

  • Public Trust clearance or ability to obtain one
  • B.S. in Computer Science, Information Technology, or related field
  • 5+ years performing application security assessments or web application vulnerability scanning
  • Experience conducting authenticated and unauthenticated web application security testing
  • Experience supporting enterprise vulnerability management programs
  • Experience interpreting application security findings and developing remediation guidance
  • Experience supporting Federal cybersecurity or large enterprise environments
  • Preferred certifications: GWAPT, GWEB, CSSLP, OSWA, or CEH
The Company
HQ: Largo, MD
25 Employees
Year Founded: 2006

What We Do

Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!

