Vulnerability Remediation Analyst - Application

IE ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Vulnerability Remediation Analyst - Application

My client requires an experienced Vulnerability Remediation Analyst to join their project.

This position will be responsible for driving application vulnerability remediation in all phases of the Software Development Life Cycle (SDLC). They will work with development teams, business groups, and risk management teams to understand the remediation timelines and provide remediation guidance as needed.

Position Description

The qualified candidate will possess a working knowledge of multiple programming languages (C#, Java, Ruby, Python, and .NET) and be able to read and understand code, using that knowledge to assist in the remediation of application-level vulnerabilities across the deployment process. The individual must have knowledge of built-in security practices and of the application remediation life cycle, have excellent communication and time management skills, and be effective at influencing individuals outside of their reporting structure.

This is a hands-on role that involves evaluating and enforcing application security in all phases of the Software Development Life Cycle (SDLC). This position will work closely with our development teams to define the application security best practices and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

All members of the Vulnerability Management team will work collectively to improve the overall capabilities of identifying and remediating weaknesses in the enterprise by continuously improving the vulnerability management program.

Critical Skills

    • Excellent problem solving and analytical skills
    • Outstanding oral and written communication skills
    • Self-motivation and the ability to work under minimal supervision are a must.
    • Experience with any of the following: Veracode, Synopsys, SonarQube, Sonatype, and other security inspection and analysis solutions.
    • Experience with common SDLC tools: static and dynamic code analysis, open source management, threat modelling, etc.
    • Assist with program assessments ensuring programmatic goals are well documented.
    • Foundational knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by malicious actors.
    • Foundational knowledge of cloud-based infrastructures/software and how they affect security needs.
    • Solid understanding of commonly used web and database technologies, for example, HTTP/HTTPS, HTML, JavaScript, Rails, and SQL.
    • Good working knowledge of industry and commonly adopted secure standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
Start date: ASAP
Duration: 3-6 months
From: LCA Consulting Services
Published at: 14.07.2019
Project ID: 1797272
Contract type: Freelance