Job Description:

​

• The Analyst will perform technical security activities including the following:

• Assess incoming Bug Bounty submissions and reproduce reports to confirm validity

• Cultivate report metadata to ensure accuracy of metrics reporting

• Collaborate with product teams to review and process external reports

• Provide guidance on effective vulnerability countermeasures

• Test security bug fixes from product teams

• Facilitate mitigation on critical bugs

• Provide subject matter expertise on encryption, security controls, and secure programming practices across client

• Contribute to security policy, standards, and guidelines related to Bug Bounty

• Engage with the community to promote a positive experience for the researchers

• Foster and maintain positive relationships between researchers and client

• Build relationships between Security and Product teams

• Identify opportunities to improve / add capabilities to the existing BB Program

• Leverage Jira to track project efforts

• Establish credibility as a trusted resource to stakeholders, colleagues, and customers across client

• Perform vulnerability scan, analysis, validation and remediation activities.

• Perform network and application penetration testing.

• Validate vulnerabilities discovered through code analysis.

• Classify and prioritize the risk of new vulnerabilities according to the specifics of client environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.

• Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.

• Work with customers to oversee remediation of identified security issues.

• Perform technical and non-technical compliance activities.

• Perform security validation for configuration settings on different systems.

• Create ad-hoc metric requests and documentation

​

Min Qualifications:

​

• 2 years of experience either in Web application testing, Penetration Testing or Bug-Bounty.

• Intermediate scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java).

• Fluent in a variety of web application protocols, operating systems and networking technologies.

• Strong understanding of common network vulnerabilities, OS vulnerabilities (Linux,

• Windows and OSX), patching and attack patterns.

• Intermediate understanding of OWASP Top 10 vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation among others.

• Understanding of CVSS base score methodology

• Strong analytical, problem solving and engineering skills.

• Good written and verbal communication skills.

• Solid organizational skills and strong customer service skills.

• Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).

• Positive and eager energy; motivated to gain a vast variety of knowledge

• Genuine interest in ethical hacking, penetration testing, or other areas of offensive security as a career path

• Punctual and responsive

• Thoroughness in quality of work

• Able to work after hours frequently to address critical bugs

• Able to work in a constantly collaborative environment

​

Desired Qualifications:

​

• Offensive Security Certified Professional (OSCP)

• Experience with Kali Linux via VirtualBox, BurpSuite, Splunk, Jira, Mac OS, Linux

• History of participating in Bug Bounty programs or CTFs

• Track record of identifying and successfully submitting Bug-Bounty findings

​

About ASK: ASK Consulting is an award-winning technology and professional services recruiting firm servicing Fortune 500 organizations nationally. With 5 nationwide offices, two global delivery centers, and employees in 42 states-ASK Consulting connects people with amazing opportunities

​

​

ASK Consulting is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all associates.

​

​