Vulnerability Discovery Analyst
I am looking to find the right candidate for a Vulnerability Discovery Analyst opening.
Please contact me at jo'connor@tiaa-cref.org if you are interested.
Information Security Threat and Vulnerability Management Group
Vulnerability Discovery Analyst

This candidate will be primarily responsible for assessment of application and system compliance with security standards and baselines. Assessments will cover a complex application environment including a mix of J2EE, .NET and other languages/platforms.
All discovered vulnerabilities must be communicated to the responsible parties and action plans developed for timely remediation.
Metrics and reporting to senior management will demonstrate overall security risk reduction and business benefit of this program.
Functional Duties
Planning and managing the delivery of Information Security penetration tests and source code reviews on high-risk applications.
Partnership with Risk, Compliance, and Audit to determine the high-risk applications and create formal testing schedules.
Coordination and communication with external vendors performing penetration tests.
Responsibility for developer application security awareness and education.
Deployment and maintenance of automated source code security solutions.
Assisting with the development of a best-in-class testing methodology based on application risk scoring.
Providing expert assistance to application groups concerning application security.
Supporting the Information Security project team by leading efforts requiring application security subject matter experts.
Preferred Skills and Background
Knowledge of modern application architectures and platforms, their development challenges, their control configurations, and their inherent security strengths and weaknesses (J2EE, .NET).
Experience with object-oriented development in Java or .NET.
Strong technical and operational expert who can implement technology that enables business processes.
Understanding of current threats and exploits to include experience with threat remediation.
Understanding of operating systems and application security configuration.
Understanding of the OWASP methodology.
Experience with vulnerability assessment tools.
Knowledge of ethical hacking and penetration testing techniques, including the following:
Understanding of common security issues and risks.
Understanding of protocols such as HTTP and SSL.
Application security experience with SQL injection, buffer overflows, parameter manipulation, cross-site scripting, etc.
Good judgment and analytical skills, strong follow-up and organizational skills are paramount skills for the successful candidate.
Ability to communicate technical information in understandable business terms. Strong negotiation and persuasion skills.
Ability to maintain good working relationships with outside vendors and to develop relationships with professional organizations, peer groups, and industry trade groups and conferences to stay current with technology. Excellent documentation skills. Knowledge of one or more risk assessment methodologies a plus.
Degrees/Certification/License/Experience:
Bachelor's degree in information security, computer science, engineering, telecommunications, or a related discipline. 3-5 years or more of related experience in Information Security performing any of the following: vulnerability assessment/management, ethical hacking, penetration testing, application security, etc. Security certifications such as CISSP, GIAC, or Security+ desirable.