Information Security Analyst

Information Security Analyst Code and Vulnerability Analysis

Remote

Information security analyst position that functions as primary security code auditor for the agencys primary application.

Key Responsibilities:

• Analyze code scan output from Veracode and SonarQube along with remediation recommendations from these tools.
• Assess security risks associated with code vulnerabilities and develop a prioritization strategy that mitigates the most critical issues efficiently.
• Convert scan results and remediation recommendations into welldefined stories within Atlassian Jira aligning with the Scaled Agile Framework (SAFe) for collaboration with development teams.
• Draft policies procedures and best practices for publication in Atlassian Confluence to ensure consistent security practices across the organization.
• Monitor and validate the completion of all remediation work through subsequent code scans.
• Provide regular progress updates to the information security manager.
• Collaborate with development teams to implement secure coding practices and address identified vulnerabilities.

Required Skills and Experience:

• 25 years of experience in information security with a focus on code and vulnerability analysis.
• Strong knowledge of manual audit code reviews and remediation techniques.
• Proficiency in using Veracode and SonarQube toolsets for code scanning and vulnerability assessment.
• Expertise in Java programming language and familiarity with secure coding standards and guidelines such as OWASP Top Ten CERT/CC MITRE Sun and NIST.
• Experience working with Atlassian toolsets particularly Jira ServiceDesk and Confluence.
• Understanding of authentication authorization session management and secure communication mechanisms.
• Familiarity with Windows and Linux operating systems.
• Experience working with ORACLE and MSSQL databases.
• Knowledge of thirdparty library security analysis and the ability to identify potential security leaks.
• Excellent problemsolving and analytical skills with the ability to translate technical findings into actionable tasks for development teams.
• Strong communication and collaboration skills to effectively work with crossfunctional teams.

Preferred Qualifications:

• Relevant certifications such as CISSP CSSLP or CEH are a plus.
• Experience with automated security testing tools and continuous integration/continuous deployment (CI/CD) pipelines.
• Knowledge of additional programming languages such as Python C or C#.
• Familiarity with cloud security best practices and securing cloudbased applications.

verecode,Java,sonarqube,Atlassian,JIRA