Our major financial client is seeking an Information Security Analyst.
5+ years of related experience
Technical Must Haves:
- Experience with Fortify, specifically with AWB, SSC, and SCA.
- Java: ability to work as an analyst is required, development experience preferred.
- Custom filters.
- Git/Bitbucket.
- Ideally hands-on experience with, or at least familiarity with, vulnerability management governance and process.
Soft Skill Must Haves:
location: Reston, Virginia
job type: Contract
salary: $50.99 - 53.13 per hour
work hours: 8am to 5pm
- Self-motivated Static Code Analyst with a focus on and passion for working with application development teams to remediate software vulnerabilities and educate teams on secure coding practices.
- Deep understanding of OWASP Top 10 and other categories of vulnerabilities.
- In-depth understanding of Fortify Source Code Analyzer to perform secure code reviews.
- In-depth understanding of using Fortify AWB and SSC.
- Ability to quickly and correctly identify false-positives from Fortify SCA scan outputs.
- Must have experience with using custom filters.
- Must be experienced in analyzing Java code and have good familiarity with common modern Java development tech stacks, e.g. Spring MVC, Spring Boot, Jenkins, Angular, Node.js.
- Must have experience with Git/Bitbucket.
- Experience in Java server-side development is preferred.
- Must be able to develop shell scripts using regex as well as Python.
- Understands vulnerability management and governance process.
- Ability to balance multiple SAST (Static Application Security Testing) requests at once.
- Experience level: Experienced
- Minimum 5 years of experience
- Education: Bachelors
- SECURITY ANALYST (5 years of experience is preferred)
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.