Information Security Analyst Code and Vulnerability Analysis
Remote
Information security analyst position that functions as the primary security code auditor for the agency's primary application.
Key Responsibilities:
- Analyze code scan output from Veracode and SonarQube along with remediation recommendations from these tools.
- Assess security risks associated with code vulnerabilities and develop a prioritization strategy that mitigates the most critical issues efficiently.
- Convert scan results and remediation recommendations into well-defined stories within Atlassian Jira, aligning with the Scaled Agile Framework (SAFe) for collaboration with development teams.
- Draft policies, procedures, and best practices for publication in Atlassian Confluence to ensure consistent security practices across the organization.
- Monitor and validate the completion of all remediation work through subsequent code scans.
- Provide regular progress updates to the information security manager.
- Collaborate with development teams to implement secure coding practices and address identified vulnerabilities.
Required Skills and Experience:
- 25 years of experience in information security with a focus on code and vulnerability analysis.
- Strong knowledge of manual audit code reviews and remediation techniques.
- Proficiency in using Veracode and SonarQube toolsets for code scanning and vulnerability assessment.
- Expertise in the Java programming language and familiarity with secure coding standards and guidelines such as OWASP Top Ten, CERT/CC, MITRE, Sun, and NIST.
- Experience working with Atlassian toolsets, particularly Jira ServiceDesk and Confluence.
- Understanding of authentication, authorization, session management, and secure communication mechanisms.
- Familiarity with Windows and Linux operating systems.
- Experience working with ORACLE and MSSQL databases.
- Knowledge of third-party library security analysis and the ability to identify potential security leaks.
- Excellent problem-solving and analytical skills, with the ability to translate technical findings into actionable tasks for development teams.
- Strong communication and collaboration skills to effectively work with cross-functional teams.
Preferred Qualifications:
- Relevant certifications such as CISSP, CSSLP, or CEH are a plus.
- Experience with automated security testing tools and continuous integration/continuous deployment (CI/CD) pipelines.
- Knowledge of additional programming languages such as Python, C, or C#.
- Familiarity with cloud security best practices and securing cloud-based applications.