Security Software Analyst Jersey City, New Jersey
Title: Security Software Analyst
Job Type: Permanent
Primary Location: Jersey City, New Jersey
Vignetic is looking for a Software Security Analyst to join the CISCO group. The individual will be responsible for assisting with the implementation of an enterprise-wide software application security program. This position will proactively work with agency application development teams, support staff, and IT leadership to promote secure software development and active detection of vulnerabilities and exploitable code. This candidate will be directly involved in management of various application scanning tools, script writing and advising on application vulnerability remediation.
Role & Responsibilities:
- Use development experience to create the scripts needed to meet the various needs of the software security program.
- Assist with management of security champion program with development teams.
- Assist with management of the application scanning program (DAST, SAST, SCA, IAST, etc.), including identifying applications that require scanning, managing onboarding of applications into scanning programs, and working with development teams to understand and remediate findings.
- Research and present on topics to development teams focused on specific application vulnerabilities or application security areas of interest to teams.
- Assist with creating, editing, and revising standard policies and procedures and documentation of technical processes.
- Assist with validating and explaining security vulnerabilities reported via scanning, security researchers, users, etc.
- Participate as needed in Incident Response, Threat Hunts, Penetration Testing, and other tasks as they relate to application security.
- Take on additional responsibilities as applicable.
Essential Skills & Qualifications:
- Development experience using Python, Bash, Ruby, or other scripting languages
- Understanding of OWASP Top 10 and SANS Top 25
- Understanding of Software Development CWE classes
- Understanding of Secure Software Development Life Cycle
- Knowledgeable about Software Development related CIS controls
- Knowledge of NIST 800-53 and hands-on experience with OPA
- Knowledge of Zero Trust security is an advantage
- Should have exposure to API security
- Knowledgeable about modern web application frameworks like Node.js, React.js, Angular, Ruby on Rails, Laravel, etc.
- Should have experience with Jenkins, Git, Bitbucket, JFrog, Quay, ECR, Docker, OCP, and Kubernetes
- Knowledge of cryptography and of network and web protocols (such as TCP/IP, UDP, HTTP, and HTTPS)
- Experienced in cloud-native and container security (Kubernetes, OCP). Must have hands-on experience with CI/CD scanning using at least one of Prisma Cloud, Aquasec, or Wiz.
- Candidate should have work experience in multi-cloud environments (AWS, Azure, GCP)
- Knowledgeable about DevSecOps, IaC, and securing CI/CD pipelines
- Should have good knowledge of application security, threat modelling, source code analysis, software composition analysis, DAST, and exposure to Vault
- AppSec tools: Burp Suite, ZAP, Veracode, Checkmarx, Snyk, ThreatModeler, Qualys web scanner, HashiCorp Vault, Prisma Cloud, Aquasec, and Wiz
- Ability to see the big picture and keep it in mind while performing operational activities and vetting vendors and tools, and to apply all of this when helping plan the next phases of our software security program
- Able to work on multiple projects simultaneously in a fast-paced environment
- 2-4 years of IT/IS experience at a top ten accounting or cybersecurity firm
- Graduates who majored in one of the following programs (or equivalent):
  - Management/Computer Information Systems
  - Information Assurance
  - Accounting/Business major who completed basic MIS/IT courses
- In the process of taking, or have already taken, the exam for an IS-related certification (e.g., CISSP)