Job Description

Cognizant (Nasdaq - 100: CTSH) is one of the worlds leading professional services companies transforming clients business, operating, and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build, and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 194 on the Fortune 500 and is consistently listed among the most admired companies in the world.About Cognizant HealthcareCognizant Healthcare is a recognized industry leading provider of healthcare software and software services. This software helps medical providers and insurance payers to efficiently manage healthcare data, insurance information, and the interactions between these parties. Due to the sensitive and regulated nature of the data processed, information security is paramount.On the Corporate Security team at Cognizant, we challenge ourselves every day to continuously meet the highest standards of security. Our purpose is to deliver world class security and risk management capabilities to protect and enable Cognizants trusted global business while creating client value and competitive differentiation. From oversight and coordination of security efforts to compliance and risk management, the Corporate Security teams responsibilities span across multiple partners and clients in the marketplace to defend against todays threats. Come join us and help build more secure and resilient infrastructure for the future!Cognizants Threat & Vulnerability Management team is responsible for providing governance (to include policy and standards) to discover, report, and track vulnerability remediation across Cognizant assets. TID service catalog includes vulnerability scanning, network security policy management, policy and configuration compliance, application reviews for use of security controls and standards, secure software development lifecycle training scans and application penetration testing, reputation management, image hardening, infrastructure penetration testing, Cloud posture check management and ServiceNow development.Position DescriptionProvide deep technical expertise in application security, perform web application security assessments mobile application security assessments. Set up and maintain the integrity of scans performed by Dynamic Application Security Testing (DAST) tools, performing manual validations of issues from DAST scans, and consult and guide development teams on how best to avoid and resolve security issues.

• Conduct manual security assessments on web and mobile applications
• Manage Dynamic Application Security Testing (DAST)
• Manually validate security findings from application and vulnerability scans
• Perform independent research to stay current on the latest relevant threats
• Improve the overall web security assessment program by updating shared resources with Tactics, Techniques, and Procedures (TTPs)
• Clearly document security findings and present issues to development teams
• Reduce the risk posture of the environment by conducting regular security gap analysis
• Integrate security tools, standards and processes into the security assessment process
• Support incident response and architecture review processes whenever security expertise is needed

Qualifications\xc2\xb7 Minimum of bachelors degree in Computer Science, cybersecurity, or a related field\xc2\xb7 Minimum of 3 years of experience performing technical security assessments\xc2\xb7 Minimum of 2 years of experience performing manual application security assessments with Burp Suite\xc2\xb7 Deep technical understanding of web application and mobile application security issues\xc2\xb7 Knowledge and understanding of OWASP top 10, and the ability to explain them.\xc2\xb7 Fluent in Portswigger\xc2\xb7 Experience with Mobile Threat Modeling\xc2\xb7 Experience with mobile security frameworks (Android, iOS)\xc2\xb7 Experience performing external network penetration testing activities to identify vulnerabilities in infrastructure\xc2\xb7 Experience setting up and performing research in a lab environment\xc2\xb7 Ability to translate security concepts into language that is meaningful to a broad audience\xc2\xb7 Demonstrate ability to influence decision-making processes at all levels of Cognizant team\xc2\xb7 At least one of the following certifications or similar application security/threat and vulnerability certifications: BSCP, GWAPT, OSCP\xc2\xb7 Must be reliable, adaptable, and resilient\xc2\xb7 Excellent written and verbal communication skills.\xc2\xb7 Excellent organization skills\xc2\xb7 Must be able to think methodically, attention to detail, and a healthy paranoia\xc2\xb7 Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks\xc2\xb7 Outstanding work ethic\xc2\xb7 Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources\xc2\xb7 Excellent judgment and self-motivation\xc2\xb7 Experience working with global teams across time zones, cultures and languages

Cognizant