JobHire
face icon
Register to automatically apply for this and similar jobs
Register
star

Information Security Analyst - Code and Vulnerability Analysis

Stafford Gray

N/Aindiana

Job Details

Contract

Full Job Description

Information security analyst position that functions as primary security code auditor for the agency's primary application.

Key Responsibilities:

  • Analyze code scan output from Veracode and SonarQube, along with remediation recommendations from these tools.
  • Assess security risks associated with code vulnerabilities and develop a prioritization strategy that mitigates the most critical issues efficiently.
  • Convert scan results and remediation recommendations into well-defined stories within Atlassian Jira, aligning with the Scaled Agile Framework (SAFe) for collaboration with development teams.
  • Draft policies, procedures, and best practices for publication in Atlassian Confluence to ensure consistent security practices across the organization.
  • Monitor and validate the completion of all remediation work through subsequent code scans.
  • Provide regular progress updates to the information security manager.
  • Collaborate with development teams to implement secure coding practices and address identified vulnerabilities.

Requirements

Required Skills and Experience:

  • 2-5 years of experience in information security, with a focus on code and vulnerability analysis.
  • Strong knowledge of manual audit, code reviews, and remediation techniques.
  • Proficiency in using Veracode and SonarQube toolsets for code scanning and vulnerability assessment.
  • Expertise in Java programming language and familiarity with secure coding standards and guidelines such as OWASP Top Ten, CERT/CC, MITRE, Sun, and NIST.
  • Experience working with Atlassian toolsets, particularly Jira, ServiceDesk, and Confluence.
  • Understanding of authentication, authorization, session management, and secure communication mechanisms.
  • Familiarity with Windows and Linux operating systems.
  • Experience working with ORACLE and MSSQL databases.
  • Knowledge of third-party library security analysis and the ability to identify potential security leaks.
  • Excellent problem-solving and analytical skills, with the ability to translate technical findings into actionable tasks for development teams.
  • Strong communication and collaboration skills to effectively work with cross-functional teams.

Preferred Qualifications:

  • Relevant certifications such as CISSP, CSSLP, or CEH are a plus.
  • Experience with automated security testing tools and continuous integration/continuous deployment (CI/CD) pipelines.
  • Knowledge of additional programming languages such as Python, C++, or C#.
  • Familiarity with cloud security best practices and securing cloud-based applications.

Get 10x more interviews and get hired faster.

JobHire.AI is the first-ever AI-powered job search automation platformthat finds and applies to relevant job openings until you're hired.

Registration