Web App Security


Job Location: Smyrna, GA - USA

Monthly Salary: $135000 - 145000
Posted on: 10-10-2025
Vacancies: 1 Vacancy

Job Summary

Full-time Contract
Description

Pay Range: Based on experience, $135000 - $145000

Shift options: (Morning) 6:00 am - 3:00 pm, (Swing) 2:00 pm - 11:00 pm, (Overnight) 10:00 pm - 7:00 am

**ONE WEEKEND PER MONTH REQUIRED**



Ryan Consulting Group Inc. is seeking support for the Web Application Security Program (WASP) mission to ensure that security is integrated systematically and comprehensively throughout the Software Development Life Cycle (SDLC).

  • Perform security reviews of web application architectures, APIs, and supporting infrastructure.
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools.
  • Conduct application spidering, fuzzing, and business logic abuse testing to identify vulnerabilities.
  • Execute Web Application Penetration Testing against modern frameworks (e.g., React, Angular, Django Core).
  • Test APIs using REST and GraphQL fuzzing, schema validation, and security automation.
  • Identify and validate vulnerabilities such as:
      • OWASP Top 10
      • Business Logic flaws
      • API Security vulnerabilities (OWASP API Top 10)
      • Authentication and authorization weaknesses
      • Deserialization and injection flaws
  • Conduct manual exploit validation beyond automated tool output to reduce false positives.
  • Develop and maintain test automation scripts using frameworks like Burp Suite Extender API, ZAP scripting, and custom Python tools.
  • Integrate security testing into CI/CD pipelines using GitLab CI, GitHub Actions, Jenkins, or Azure DevOps.
  • Utilize SCA (Software Composition Analysis) tools to identify vulnerable dependencies (e.g., Snyk, Dependency-Check, Black Duck).
  • Implement the Common Weakness Scoring System (CWSS) and assist in Common Vulnerability Scoring System (CVSS) ratings for prioritization.
  • Generate technical reports and provide remediation guidance to developers, system owners, and ISSOs.
  • Provide monthly and annual program metrics, including trends in vulnerability classes, remediation timelines, and residual risk.


Requirements

Required Tools & Hands-On Skills

  • Web Security Testing & Automation: Burp Suite Pro, OWASP ZAP, Postman, Fiddler, mitmproxy.
  • SAST/DAST: Checkmarx, Fortify, Veracode, SonarQube, Acunetix, AppScan.
  • SCA (Software Composition Analysis): Snyk, OWASP Dependency-Check, Black Duck, Mend.
  • Fuzzing & Exploit Development: AFL, Peach Fuzzer, boofuzz.
  • API Security Testing: Postman, Insomnia, ReadyAPI, Burp Suite extensions for GraphQL/REST.
  • CI/CD Security Integration: GitLab CI, Jenkins, GitHub Actions, Azure DevOps with security plugins.
  • Containers & Cloud Security (preferred): Docker, Kubernetes, AWS Inspector, Prisma Cloud.

Qualifications

  • Active Secret Security Clearance
  • At least 5 years of related experience.
  • Strong knowledge of the OWASP Top 10 and OWASP ASVS.
  • Familiarity with CWE, NIST 800-53/171, and DISA STIGs.
  • Hands-on experience with scripting languages (Python, Bash, PowerShell, JavaScript).
  • Familiarity with DevSecOps practices and secure coding guidelines.
  • Ability to communicate complex findings clearly to both technical and non-technical stakeholders.


A certification from each of the below categories is required:


DoD IAT II required certification/s (one of the following):

  • CCNA-Security
  • CySA+ (CSA+)
  • GICSP
  • GSEC
  • Security+ CE
  • CND
  • SSCP
  • GWAPT
  • OSWE
  • eWPT

CSSP-AU required certification/s (one of the following):

  • GSNA
  • CISA

Statements


Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Ryan Consulting Group Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process please contact


Drug-Free Workplace Statement

Ryan Consulting Group Inc. is committed to maintaining a drug-free workplace in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.


Pay Transparency Statement

Ryan Consulting Group Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.


Key Skills

  • Load Balancing
  • Telerik
  • Tomcat
  • IIS
  • .NET
  • Apache
  • FTP
  • PHP
  • Sharepoint
  • JBoss
  • SSO
  • SSL