Software Security Analyst – Long-term Contract – Remote
The Solution Review Software Security (Secure Code) Analyst is responsible for identifying and tracking software vulnerabilities, as well as recommending design changes to ensure the secure implementation of software solutions with the minimal degree of technical risk. The Secure Code Analyst works to identify, triage, and provide remediation guidance for vulnerabilities within software applications and systems using a variety of tools, techniques, approaches and methodologies.
This is a long-term contract 12-36 months, interview via Teams/video, work East-Coast hours, immediate interview and start!
- Act as a subject matter expert for secure coding, exercising proficiency in multiple programming languages and developer frameworks (e.g. C#, ASP.NET, MVC, jQuery, TypeScript, Angular, and Bootstrap). Learn on the fly and assist others to improve the team's technical expertise and ensure a consistent quality of analysis.
- Leverage automated tools for static and dynamic analysis of software to find defects and vulnerabilities. For example: Fortify On-Demand, WebInspect, Qualys, and Application Insights. Assist in auditing / monitoring compliance of development teams in their use of tools.
- Professional certifications in information technology security; Certified Information Systems Security Professional (CISSP) preferred
- In-depth experience and knowledge of security concepts, threats, threat modeling, vulnerability exploitation, and common website and application vulnerabilities including, but not limited to, SQL Injection, Cross-site Scripting (XSS) and Session Management
- Experience or knowledge of Fortify, Fortify On-Demand, WebInspect, Qualys, Visual Studio Team Suite, and Azure; experience with Microsoft technologies such as C# and ASP.NET, as well as common open source code (Bootstrap, jQuery, Angular, TypeScript, etc.)
- Experience with integrating SCA code scanning into the build process and approaches for integration into CI/CD methodologies; experience with DevOps/Agile environments and delivery models
- Code scanning and assessment experience (manual/automated/static/dynamic) using Fortify and Fortify On-Demand
- Background working on large-scale international projects and the ability to manage multiple processes and projects at once
- Bachelor's degree in Computer Science, Information Technology/Security, Systems Engineering or a similar area
- 9-12 years of relevant application development and IT security experience
- Experience in supporting software application and system code security assessments using automated tools such as Fortify and Fortify On-Demand
- A holistic understanding of attack vectors, current threats, and remediation strategies
- Experience with computer forensics practices and procedures, basic investigations, and evidence handling is preferred
- Able to provide support outside of standard working hours and support international teams with clear and simple written and spoken communication to both technical and non-technical business customers
- Strong written and oral communication skills for effective communication at all organizational levels; attention to detail and pride in well-presented and accurate work
- Customer and business focus and adeptness in interacting with customers to provide process and technical information in response to inquiries, concerns, and requests about processes, products and services
- Conduct the review of software applications and systems from a security and privacy perspective; review and contribute to the client's IT Standards used in the solution security review process and provide security recommendations and better practices regarding secure software development in waterfall, agile, and DevOps methods
Job ID: 5145