Penetration Test Analyst - DCRI TDS
- Employer
- Duke University
- Location
- DCRI - Business IT
View more
- Administrative Jobs
- Institutional & Business Affairs, Safety & Security, Technology, Analysts & Programming
- Employment Type
- Full Time
- Institution Type
- Four-Year Institution
Job Details
School of Medicine:
Established in 1930, Duke University School of Medicine is the youngest of the nation’s top medical schools. Ranked tenth among its peers, the School takes pride in being an inclusive community of outstanding learners, investigators, clinicians, and staff where traditional barriers are low, interdisciplinary collaboration is embraced, and great ideas accelerate translation of fundamental scientific discoveries to improve humanhealth locally and around the globe.
Comprised of 2,400 faculty physicians and researchers, the Duke University School of Medicine along with the Duke University School of Nursing and Duke University Health System create Duke Health. Duke Health is a world-class health care network. Founded in 1998 to provide efficient, responsive care, the health system offers a full network of health services and encompasses Duke University Hospital, Duke Regional Hospital, Duke Raleigh Hospital, Duke Primary Care, Private Diagnostic Clinic, Duke Home and Hospice, Duke Health and Wellness, and multiple affiliations.
Position SummaryThe Technology and Data Solutions Sr. Analyst, IT - Information Security Analyst Penetration Tester supports web application and mobile application security. This role works with DCRI application owners as well as the Duke Health Information Security Office (ISO) team members to identify and mitigate security vulnerabilities in applications identified through testing. Communication with business owners, application owners, security teams, and development partners is critical in this role. The Sr. Analyst, IT - Information Security Analyst Penetration Tester also act as an application security SME for the development and security communities across Duke. Position Responsibilities
- Perform Web application and mobile application penetration testingDeliver network, service, or host-based security posture testingMeet with application teams to collect information and determine scope of testingConfigure, maintain and use scanning and testing toolsManually verify security vulnerabilities identified using automated toolsPerform manual testing to supplement results of automated scanning and testing toolsProvide status updates and resolve issues that affect testing as requiredDocument identified security vulnerabilities in a clear, concise and prioritized mannerConsult with application owners and review identified security vulnerabilities and remediation plansRetest identified issues or deployed remediation fixes to verify resolution of security vulnerabilitiesMaintain an electronic or paper trail of testing activity for audit/documentation purposesMaintain an overall inventory of applications, owners, and testing results
- Provide application security consulting (SME) support as neededProvide for root cause analysis and incident management investigation with CSIRT teamProvide or attend security training as requiredStay up-to-date on emerging security vulnerabilities and attack methodsDevelop and review malicious use cases/threat modelsMaintain a broad understanding of security technologies and productsParticipate actively in improving the security culture and education throughout the organization
- One or more information security, industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred.Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.
- 3+ years of information security experience2+ years of Application Security Testing experience2+ years of information security penetration tools experienceMust have working or expert knowledge of least three of the information security practices, standards, and systems described above.Must have working or expert knowledge of at least two of the regulatory compliance requirements and IT management frameworks described above.
- -Self-starter who is able to work with minimal direction- Able to work effectively across multiple technical disciplines- Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties
- Certifications such as CEH, OSCP, OSWE, CISSPAdvanced Information Security technical skillsMobile and Web application security:Mobile and Web Application Pentesting Process and MethodologyWeb Application VulnerabilitiesWeb Application AttacksAndroid Application ComponentsAndroid Application AttacksiOS Application ComponentsiOS Application AttacksSecure Coding Principles
Minimum Qualifications
Education
Refer to Job Description
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essentialjob functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
Organization
Duke University was created in 1924 by James Buchanan Duke as a memorial to his father, Washington Duke. The Dukes, a Durham family that built a worldwide financial empire in the manufacture of tobacco products and developed electricity production in the Carolinas, long had been interested in Trinity College. Trinity traced its roots to 1838 in nearby Randolph County when local Methodist and Quaker communities opened Union Institute. The school, then named Trinity College, moved to Durham in 1892, where Benjamin Newton Duke served as a primary benefactor and link with the Duke family until his death in 1929. In December 1924, the provisions of indenture by Benjamin’s brother, James B. Duke, created the family philanthropic foundation, The Duke Endowment, which provided for the expansion of Trinity College into Duke University.
As a result of the Duke gift, Trinity underwent both physical and academic expansion. The original Durham campus became known as East Campus when it was rebuilt in stately Georgian architecture. West Campus, Gothic in style and dominated by the soaring 210-foot tower of Duke Chapel, opened in 1930. East Campus served as home of the Woman's College of Duke University until 1972, when the men's and women's undergraduate colleges merged. Both men and women undergraduates now enroll in either the Trinity College of Arts & Sciences or the Pratt School of Engineering. In 1995, East Campus became the home for all first-year students.
Duke maintains a historic affiliation with the United Methodist Church.
Home of the Blue Devils, Duke University has about 13,000 undergraduate and graduate students and a world-class faculty helping to expand the frontiers of knowledge. The university has a strong commitment to applying knowledge in service to society, both near its North Carolina campus and around the world.
Mission Statement
"James B. Duke's founding Indenture of Duke University directed the members of the University to 'provide real leadership in the educational world' by choosing individuals of 'outstanding character, ability, and vision' to serve as its officers, trustees and faculty; by carefully selecting students of 'character, determination and application;' and by pursuing those areas of teaching and scholarship that would 'most help to develop our resources, increase our wisdom, and promote human happiness.'
“To these ends, the mission of Duke University is to provide a superior liberal education to undergraduate students, attending not only to their intellectual growth but also to their development as adults committed to high ethical standards and full participation as leaders in their communities; to prepare future members of the learned professions for lives of skilled and ethical service by providing excellent graduate and professional education; to advance the frontiers of knowledge and contribute boldly to the international community of scholarship; to promote an intellectual environment built on a commitment to free and open inquiry; to help those who suffer, cure disease, and promote health, through sophisticated medical research and thoughtful patient care; to provide wide ranging educational opportunities, on and beyond our campuses, for traditional students, active professionals and life-long learners using the power of information technologies; and to promote a deep appreciation for the range of human difference and potential, a sense of the obligations and rewards of citizenship, and a commitment to learning, freedom and truth.
“By pursuing these objectives with vision and integrity, Duke University seeks to engage the mind, elevate the spirit, and stimulate the best effort of all who are associated with the University; to contribute in diverse ways to the local community, the state, the nation and the world; and to attain and maintain a place of real leadership in all that we do.”
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert