Vulnerability Remediation Analyst - Application
My client requires an experienced Vulnerability Remediation Analyst to join their project.
This position will be responsible for driving application vulnerability remediation in all phases of the Software Development Life Cycle (SDLC). They will work with development teams, business groups, and risk management teams to understand the remediation timelines and provide remediation guidance as needed.
The qualified candidate will possess a working knowledge of multiple programming languages (C#, Java, Ruby, Python, and .NET) and be able to read and understand code, using that knowledge to assist in the remediation of application-level vulnerabilities across the deployment process. The individual must have knowledge of built-in security practices and of the application remediation life cycle, have excellent communication and time management skills, and be effective at influencing individuals outside of their reporting structure.
This is a hands-on role that involves evaluating and enforcing application security in all phases of the Software Development Life Cycle (SDLC). This position will work closely with our development teams to define the application security best practices and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.
All members of the Vulnerability Management team will work collectively to improve the overall capabilities of identifying and remediating weaknesses in the enterprise by continuously improving the vulnerability management program.
* Excellent problem solving and analytical skills
* Outstanding oral and written communication skills
* Self-motivation and the ability to work under minimal supervision are a must.
* Experience with any of the following: Veracode, Synopsys, SonarQube, Sonatype, and other security inspection and analysis solutions.
* Experience with common SDLC tools: static and dynamic code analysis, open source management, threat modelling, etc.
* Assist with program assessments, ensuring programmatic goals are well documented.
* Foundational knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by malicious actors.
* Foundational knowledge of cloud-based infrastructures/software and how they affect security needs.
* Good working knowledge of industry and commonly adopted security standards and practices (e.g., applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT).