Ryan Consulting Group - Web App Security at Ryan Consulting Group
Ryan Consulting Group · Fort Lee, United States of America · Hybrid
$135,000.00 - $145,000.00
- Professional
- Optional office in Fort Lee
Pay Range: Based on experience $135,000 - $145,000
Shift options: (Morning) 6:00 am – 3:00 pm | (Swing) 2:00 pm – 11:00 pm | (Overnight) 10:00 pm – 7:00 am
**ONE WEEKEND PER MONTH REQUIRED**
Ryan Consulting Group, Inc. is seeking support for the Web Application Security Program (WASP) mission to ensure that security is integrated systematically and comprehensively throughout the Software Development Life Cycle (SDLC).
- Perform security reviews of web application architectures, APIs, and supporting infrastructure.
- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools.
- Conduct application spidering, fuzzing, and business logic abuse testing to identify vulnerabilities.
- Execute Web Application Penetration Testing against modern frameworks (e.g., React, Angular, Node.js, Django, Flask, .NET Core).
- Test APIs using REST and GraphQL fuzzing, schema validation, and security automation.
- Identify and validate vulnerabilities such as:
  - OWASP Top 10
  - Business logic flaws
  - API security vulnerabilities (OWASP API Top 10)
  - Authentication and authorization weaknesses
  - Deserialization and injection flaws
- Conduct manual exploit validation beyond automated tool output to reduce false positives.
- Develop and maintain test automation scripts using frameworks like Burp Suite Extender API, ZAP scripting, and custom Python tools.
- Integrate security testing into CI/CD pipelines using GitLab CI, GitHub Actions, Jenkins, or Azure DevOps.
- Utilize SCA (Software Composition Analysis) tools to identify vulnerable dependencies (e.g., Snyk, Dependency-Check, Black Duck).
- Implement the Common Weakness Scoring System (CWSS) and assist in Common Vulnerability Scoring System (CVSS) ratings for prioritization.
- Generate technical reports and provide remediation guidance to developers, system owners, and ISSOs.
- Provide monthly and annual program metrics including trends in vulnerability classes, remediation timelines, and residual risk.
Required Tools & Hands-On Skills
- Web Security Testing & Automation: Burp Suite Pro, OWASP ZAP, Postman, Fiddler, mitmproxy.
- SAST/DAST: Checkmarx, Fortify, Veracode, SonarQube, Acunetix, AppScan.
- SCA (Software Composition Analysis): Snyk, OWASP Dependency-Check, Black Duck, Mend.
- Fuzzing & Exploit Development: AFL, Peach Fuzzer, boofuzz.
- API Security Testing: Postman, Insomnia, ReadyAPI, Burp Suite extensions for GraphQL/REST.
- CI/CD Security Integration: GitLab CI, Jenkins, GitHub Actions, Azure DevOps with security plugins.
- Containers & Cloud Security (preferred): Docker, Kubernetes, AWS Inspector, Prisma Cloud.
Qualifications
- Active Secret Security Clearance
- At least 5 years of related experience.
- Strong knowledge of the OWASP Top 10 and OWASP ASVS.
- Familiarity with CWE, NIST 800-53/171, and DISA STIGs.
- Hands-on experience with scripting languages (Python, Bash, PowerShell, JavaScript).
- Familiarity with DevSecOps practices and secure coding guidelines.
- Ability to communicate complex findings clearly to both technical and non-technical stakeholders.
A certification from each of the categories below is required:
DoD IAT II required certification(s) (one of the following):
- CCNA-Security
- CySA+ (CSA+)
- GICSP
- GSEC
- Security+ CE
- CND
- SSCP
- GWAPT
- OSWE
- eWPT
CSSP-AU required certification(s) (one of the following):
- GSNA
- CISA
Statements
Equal Employment Opportunity (EEO) Statement
Ryan Consulting Group, Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.
Ryan Consulting Group, Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process, please contact [email protected].
Drug-Free Workplace Statement
Ryan Consulting Group, Inc. is committed to maintaining a drug-free workplace, in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.
Pay Transparency Statement
Ryan Consulting Group, Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.
We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.