
Vulnerability Analyst : Hybrid : No H1b at Remote, Remote, USA
Email: [email protected]
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=856560&uid=

From:

Sam Young,

Swastik IT Services

[email protected]

Reply to:   [email protected]

Vulnerability Analyst

Top Skills:

Cloud

CICD integration

Secure code review

Locations: Atlanta, New York, O'Fallon, Miami. St. Louis/O'Fallon preferred, but any MC location is acceptable.

Hybrid role onsite a few days a month

Atlanta/OFallon rate is $55/hr

Miami/New York is $62/hr

30181

Vulnerability Analyst

Duration: 12 months

Manager: Naresh Jasti

Shortlisting: Monday 9/22 

Supporting the team rolling out the SAST/OSA (open source analysis) service and secure SDLC artifacts

Top 3 skills:

Development Background

Secure code review (ex: Checkmarx SAST/SCA)

Builder Tools (ex: Artifactory/Xray, Bitbucket, Jenkins)

Nice to have:

Automation, Analytical, Dashboards, Splunk, DAST/IAST & Application Pen testing

Overview:

Seeking a Senior DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST), software composition analysis (SCA) and artifact vulnerability management. The candidate must have experience performing application security code review, open source vulnerability management, and building and improving the SSDLC process in an enterprise environment. Experience with black box, grey box, white box and penetration testing is desired.

Responsibilities:

Perform secure source code review and software composition analysis for the proprietary applications (web, mobile, web service, etc.). The assessment may involve manual testing and analysis as well as use of automated application vulnerability scanning/testing tools.

Support the development, evaluation and implementation of static application security testing, libraries, secure container, Infrastructure as code, orchestration, vulnerability management process, tools integration and automation.

Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies

Assist in setting the strategic direction for application security and vulnerability management programs across the enterprise.

Support CI/CD and build pipelines with an understanding of quality and security gates and enable integration of automated solutions to increase security posture.
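The "security gate" mentioned above is the decision point in a build pipeline where scanner output is turned into a pass/fail result. The following is an added example, not code from this posting or from any of the tools it names: a small Python gate that reads SARIF-style scanner output, applies a severity threshold, honors scoped suppressions with an expiry date (so exceptions do not silently become permanent), and returns the blocking findings. The input document, its "properties.severity" field and the suppression file format are constructed for this example and are not the export format of Checkmarx, Xray or any other specific product.

```python
"""Pipeline security gate: fail the build when SAST/SCA findings exceed policy.

Added example. The SARIF-like input and the suppression format below are
constructed for illustration and do not match any particular vendor's export.
"""
import json
import sys
from datetime import date

# Constructed scanner output in a SARIF-like shape (assumed, not a vendor format).
SAMPLE_RESULTS = json.dumps({
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "CWE-89", "level": "error",
             "properties": {"severity": "high"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"}}}]},
            {"ruleId": "CWE-79", "level": "error",
             "properties": {"severity": "critical"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web.py"}}}]},
            {"ruleId": "CWE-798", "level": "error",
             "properties": {"severity": "high"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config.py"}}}]},
            {"ruleId": "CWE-209", "level": "warning",
             "properties": {"severity": "medium"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/errors.py"}}}]},
        ]
    }]
})

# Constructed suppression list: each entry is scoped to one rule on one path and
# carries an expiry so that an accepted risk is revisited instead of forgotten.
SAMPLE_SUPPRESSIONS = [
    {"rule": "CWE-89", "path": "src/db.py", "expires": "2024-01-31",
     "reason": "parameterized by ORM; scanner false positive, ticket APPSEC-1"},
    {"rule": "CWE-798", "path": "src/config.py", "expires": "2023-10-01",
     "reason": "test fixture credential; expired, must be re-reviewed"},
]

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def load_findings(sarif_text):
    """Flatten SARIF-like results into (rule, severity, path) records."""
    data = json.loads(sarif_text)
    findings = []
    for run in data.get("runs", []):
        for result in run.get("results", []):
            severity = result.get("properties", {}).get("severity", "info").lower()
            locations = result.get("locations") or []
            path = "<unknown>"
            if locations:
                path = locations[0]["physicalLocation"]["artifactLocation"]["uri"]
            findings.append({"rule": result.get("ruleId", "<no-rule>"),
                             "severity": severity, "path": path})
    return findings


def suppression_active(finding, suppressions, today):
    """A suppression applies only if rule and path match and it has not expired."""
    for s in suppressions:
        if s["rule"] == finding["rule"] and s["path"] == finding["path"]:
            if date.fromisoformat(s["expires"]) >= today:
                return True
    return False


def evaluate_gate(findings, max_allowed="medium", suppressions=None, today=None):
    """Return (passed, blocking_findings).

    max_allowed is the highest severity that may ship; anything ranked above it
    blocks unless an unexpired, path-scoped suppression covers it. Unknown
    severities rank as info so a malformed record never blocks by accident, but
    they are still returned in the findings list for a human to look at.
    """
    today = today or date.today()
    suppressions = suppressions or []
    threshold = SEVERITY_RANK[max_allowed]
    blocking = []
    for f in findings:
        if SEVERITY_RANK.get(f["severity"], 0) <= threshold:
            continue
        if suppression_active(f, suppressions, today):
            continue
        blocking.append(f)
    return (not blocking, blocking)


def run_gate(sarif_text, suppressions, max_allowed="medium", today=None):
    """Convenience wrapper returning the process exit code a pipeline step would use."""
    passed, blocking = evaluate_gate(load_findings(sarif_text), max_allowed, suppressions, today)
    for f in blocking:
        print(f"BLOCK {f['severity'].upper():8} {f['rule']:10} {f['path']}")
    return 0 if passed else 1


if __name__ == "__main__":
    # Fixed date so the example is reproducible; a real gate uses date.today().
    sys.exit(run_gate(SAMPLE_RESULTS, SAMPLE_SUPPRESSIONS, today=date(2023, 11, 15)))
```

With the constructed input, the gate blocks on the critical XSS finding and on the hard-coded credential whose suppression has expired, while the suppressed SQL injection finding and the medium-severity finding pass. Wiring this into Jenkins is a matter of running the script as a stage after the scan step and letting its non-zero exit code fail the build; the important design choices are that suppressions are scoped to rule and path rather than global, and that they expire.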

Responsible for the use and operational maintenance of application security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.

Develop, enhance, and provide input into development of KPI, KRI and other metrics.

Understand and implement security policies, standards, industry best practices and compliance requirements

Take the lead on medium-sized projects, including creating business and technical requirements and the implementation plan.

Responsible for project documentation, including maintaining technical documents and business requirements

Strong communication and technical skills with the ability to communicate between business and technical stakeholders

Experience:

Hands-on experience in application secure source code review, software composition analysis, and open source library and artifact vulnerability management

Prior experience writing code in one or more of the following languages is desired: Java, .Net, Groovy, Python and Power

Knowledge of secure software development life cycle (SSDLC), CI/CD pipeline, Container, Cloud, DevSecOps and SSDLC process automation is desired

Experience with the following source code repositories, build systems and artifact repositories is a plus: SVN, Git, Bitbucket, Jenkins and JFrog Artifactory.

Familiar with common frameworks, spanning frontend, backend and Package managers (Angular, Bootstrap, Node, Struts, Spring, .NET MVC, Maven, npm, nuget etc.).

Familiar with data analytics and dashboard development using Splunk, Domo and Alteryx

Strong relationship building skills and collaborative style to enable success across multiple partners is desired

Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies

Familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, Schrems II, CCPA, GLBA, NIST SP 800-53 and the NIST Cybersecurity Framework, and the International Organization for Standardization (ISO) series 27001/2, 27005 and 31000

[email protected]

03:30 AM 15-Nov-23

