Security Vulnerability Analyst
Do you have strong web application knowledge and an interest in information security?
If work in DevOps, Operations, Security or Vulnerability management, we have a unique opportunity to join a cutting-edge InfoSec software company.
AppCheck develops information security software for its end user clients and reseller network. Our cloud-based service provides clients with vulnerability detection and reporting services for web applications and hosting infrastructure.
In this role you’ll apply your knowledge of web applications, working closely with technical, commercial, and service delivery teams to support a best-in-class technical service delivery function for our customer-facing software solutions and services.
Reporting into our Service Delivery Lead, this role plays a crucial role in efficiently triaging, investigating, and resolving queries and requests, for our highly technical vulnerability scanning platform. This may involve technical investigation of reported issues, leveraging your web application knowledge, command-line investigative tooling, setting up customer and trial scans, investigate customer applications to optimise scans, uncovering report false positives, and answering technical questions around vulnerability types and scan results, as well as some UI bug investigation.
How you’ll do it…
- Investigate and respond to vulnerability queries and customer issue reports in a timely, efficient and technically-assured manner.
- Provide advice to customers and internal stakeholders on vulnerability remediation, across web application, networking and cloud/server-less technologies;
- Use command-line and GUI tooling, as well as leveraging SIEM platform and logs for incident investigation;
- Work with developers and software engineers to improve vulnerability scanning and reporting tools, techniques and reports via bug reports and feature requests;
- Assist customers in leveraging our vulnerability scanning platform for maximal value;
- Ensuring that any system issues or outages are proactively reported to customers via status updates;
- Deliver on required SLOs, KPIs and OLAs to deliver on customer commitments.
Who We’re Looking For:
- Web application knowledge from either an Operations, Monitoring, Incident Management, Security, Sysadmin, other DevOps or Vulnerability Management background.
- Sound understanding of network/infrastructure and firewall, proxy and WAF behaviours; internet operation, the Internet protocol suite (TCP/IP) and HTTP protocol;
- An understanding of web application security weaknesses and vulnerabilities.
- Good understanding of single page applications, asynchronous request handling, partial page updates, and AJAX
- Experience of Infrastructure and Web Application Scanning tools (e.g. Burp Suite, Qualys, Nessus).
- Scripting and Linux command line (curl, nmap, etc)
- Experience with a support ticket system (ZenDesk, JIRA, SalesForce ServiceCloud);
- Scripting or basic coding skills (any language, but we use mainly Python)
- Experience with and understanding of REST APIs
What’s In It For You?:
- Join a thriving software company in the cyber security industry!
- Be part of an advanced technology company as we enjoy substantial growth.
- Above market rate salary
- Pension scheme
- Gym member or Westfield health benefit
- Remote working (happy to discuss any set up but aiming for a blended and flexible approach)
- Relaxed and light-hearted company culture