We are looking for professionals with experience programming and/or reviewing code in several of C, C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails, as well as application security experience.
The Security Analyst will work in the Center for Software Assurance within the service delivery team with the following specific responsibilities:
Review security issues identified in applications through static binary analysis and dynamic analysis (automated web application scanning). This will include confirming the existence of software coding errors in several of C/C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails (including deployed web applications).
Determine commonly occurring trends in engine and scan accuracy and provide feedback to the engine and scripting teams. Achieve acceptable levels of analysis quality and throughput, as defined by internal operations metrics, and adhere to internal company security policies and procedures in delivering against job function.
Interact with customer support and customers directly as needed to assist them in understanding security flaws reported and answering questions on remediation strategies.
Augment the Application Security Research Lab, Engineering and QA resources as needed to assist with test case creation or to investigate new threat spaces and attack vectors.
Participate in internal user acceptance testing for new product releases, and assist with QA efforts as needed.
Handle internal escalations from Security Analysts 1 and provide mentorship to junior team members.
Work with service delivery management to determine operational efficiency requirements and develop and enhance operations and delivery processes and procedures.
This role is available as a traditional Monday through Friday schedule or as a schedule that encompasses two weekend days and two weekdays.
Skills/Requirements
Bachelor's degree in Computer Science or related discipline
Proficient in several of C/C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails (multiple languages a plus)
Strong analytical, organizational, and technical writing skills
Self-motivated, results driven, and able to work effectively in a team/operations environment
Ideally candidates would also have:
1-2 years of development experience involving secure coding practices as part of the software development lifecycle, or equivalent exposure to static code analysis.
Solid understanding of secure coding practices and dynamic testing (web application testing); experience identifying and remediating security vulnerabilities is a plus.