Senior Cybersecurity Analyst

Job Description

Responsibilities:

• Identify true positive risks, threats, vulnerabilities and exploits in applications through validating vulnerability results produced by industry standard SAST tools
• Define information security policies and standards that support secure coding practices
• Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities
• Integrate & Implement SAST tools in DevSecOps pipeline to improve application security posture
• Educate employees on secure coding and development best practices

Required Skills :

• 2+ years of relevant Security Engineering or Application Security experience , preferably in Static Application Security Testing (SAST) / Secure Code Review
• Bachelors or Masters in Computer Science/Engineering or related field
• Capable in thorough identification of False Positives and False Negatives
• Ability to demonstrate the vulnerabilities and the threats presented by vulnerabilities
• Thorough, detail-oriented and quality-driven with excellent communication and inter-personal skills
• Familiarity of SSDLC (Secure Software Development Life Cycle) or SDL (Secure Development Lifecycle)
• Experience validating application vulnerabilities to determine true positive findings and communicating resolution strategies to development
• Knowledge of common software and web application vulnerabilities, such as the OWASP Top 10.
• Able to deliver quality results in a high-energy/high-pressure environment
• Ability to multi-task and manage demands of many projects, issues, and tasks
• Ability to perform duties with minimal supervision
• Knowledge/experience in Secure Code Review of at least 2 or more below programming languages:
  • C, C++, C#, PHP, Perl, GO, Python, Objective-C, Java, .Net, JavaScript
• Experience in developing scripts and building utilities to automate tasks using one or more scripting languages, preferably Python.
• Experience or understanding of DevSecOps practices and CICD Pipelines

Nice To Have:

• Previous Software Engineering experience developing/debugging is a significant plus
• Relevant industry training and/or certification is a plus: CSSLP, CISSP, OSCP, GWAPT, or GPEN

Tools and Capabilities:

• SAST Tools such as: Fortify (FoD or OnPrem), Veracode, Checkmarx, Coverity

• Language Familiarity: C, C++, C#, PHP, Perl, GO, Python, Objective-C, Java, .Net

Professional Position Overview:

The Application Security Engineer will be responsible for completing the following tasks:

• Identification of potential risks , threats, flaws, vulnerabilities and exploits in applications through validating vulnerability results produced by industry standard SAST tools
• Perform secure code reviews of applications
• Aide in the definition and maintenance of security policies and standards to support the Secure Development LifeCycle
• Support the automation of security testing to drive efficiency in discovery, tracking and resolution of security vulnerabilities
• Assist in the education of engineers on secure coding and development best practices

The Application Security Engineer in this position will spend 90% of their time reviewing Static Application Security Testing results to remove false positives and deliver true positive remediation recommendations for business applications and services. In this role you are expected to:

• Understand the internal review process and procedures for assessing the security state of applications and services
• Have a strong working knowledge of software and web application vulnerabilities, such as the OWASP Top 10.
• Understand SAST tools and related software used for performing static code analysis
• Perform automated static code analysis to identify vulnerabilities and flaws
• Document findings and drive remediation validation of identified true positive vulnerabilities
• Support on-call activities and rotation

The Application Security Engineer in this position will spend 5% of their time providing support and assistance to implementing SAST solutions to new applications. In this role you are expected to:

• Maintain SAST policies and procedures documentation and communicate needed enhancements
• Assist in the implementation and automation of SAST solutions to business applications
• Support the integration of SAST solutions to pre-build, build and post-build environments

The Application Security Engineer in this position will spend 5% of their time providing education and training of developers in secure development. In this role you are expected to:

• Assist engineers with remediation recommendations needed to resolve identified vulnerabilities
• Facilitate educational opportunities for secure coding practices
• Support Application Security Champions and Advocates in the engineering organization

Keyskills :
sieminformation securitynetworkingcustomer relationsidssecure code reviewapplication security testingcode reviewmusic makingsecure codingweb applicationsecurity testingcoding practicesindustry trainingsoftware developmentsoftware engineerin