Contract Application Security Analyst

Contract

Vignetic

Contract Application Security Analyst Jersey City, New Jersey

Title: Contract Application Security Architect

Job Type: Contract

Primary Location:  Jersey City, New Jersey (Hybrid)

The Challenge:

Vignetic is looking for an Applications Security Analyst to join the CISO group. The individual will be responsible for assisting with the implementation of an enterprise-wide software application security program.  This position will proactively work within the company and agency application development teams, support staff and IT leadership to promote secure software development and active detection of vulnerabilities and exploitable code.  He or she will be directly involved in management of various application scanning tools, script writing and advising on application vulnerability remediation.  The ideal candidate is analytical, understands risk and is knowledgeable in application development. Willingness to learn and flexibility is a must, as day-to-day assignments can vary greatly.

Roles & Responsibilities:

  • Use development experience to create necessary scripts to meet various needs of software security program.
  • Assist with management of security champion program with development teams
  • Assist with management of application scanning program (DAST, SAST, SCA, IAST, etc.) including identifying applications that require scanning, managing on boarding of applications into scanning programs, and working with development teams to understand and remediate findings.
  • Research and present on topics to development teams focused on specific application vulnerabilities or application security areas of interest to teams
  • Assist with creating, editing, and revising standard policies and procedures and documentation of technical processes
  • Assist with validating and explaining security vulnerabilities reported via scanning, security researchers, users, etc.
  • Participate as needed in Incident Response, Threat Hunts, Penetration Testing, and other tasks as they relate to application security
  • Take on additional responsibilities as applicable.

Essential Skills & Qualifications:

  • Development experience using Python, BASH, Ruby, or other scripting languages
  • Understanding of OWASP Top 10 and SANS Top 25
  • Understanding of Software Development CWE classes
  • Understanding of Secure Software Development Life Cycle
  • Knowledgeable about Software Development related CIS controls
  • Knowledge on NIST-800-53 and OPA hands on.
  • Knowledge on Zero trust security will be advantage.
  • Should have exposure on API security.
  • Knowledgeable about modern web application frameworks like Node.js, React.js, Angular, Ruby on Rails, Laravel, etc.
  • Should have experience on Jenkins, GIT, Bitbucket, Jfrog, Quay, ECR, Docker, OCP, Kubernetes
  • Knowledge on Cryptography, network, and web related protocols (such as TCP/IP/UDP/HTTP, HTTPS, Protocols)
  • Experienced in cloud Native and Container security Kubernetes, OCP. Must have hands-on CICD scan. Tools – Prisma Cloud, Aquasec, or Wiz.
  • Candidate should have work experience on multi cloud environment -AWS, AZURE, GCP
  • Knowledgeable about Dev Sec Ops, IAC, and securing CI/CD Pipelines.
  • Should have good knowledge on Application security, Thread-modelling, Source code analysis, Source code composition, DAST, Vault exposure.
  • Appsec tools – Burp-Suite, ZAP, Veracode, Checkmarx, Snyk, Thread modeler, Qualys web scanner, Hashicorp Vault, Prisma Cloud, Aquasec, and Wiz
  • Ability to see the big picture and keep it in mind while performing operational activities, vetting vendors and tools, and apply all of these things when helping plan the next phases of our software security program
  • Able to work on multiple projects simultaneously in a fast-paced environment 
  • 5 years + of IT/IS experience at a top ten accounting or cybersecurity firm
  • Bachelor’s Degree in the following programs (or equivalent):
  • Management/Computer Information Systems
  • Information Assurance
  • Cybersecurity
  • Accounting/Business major who completed basic MIS/IT courses
  • In the process of or have already taken the exam for an IS-related certification (e.g., CISSP)

#IND123

Tagged as: Contract Application Security Analyst