
Silver Search Inc
Application Security Analyst-REMOTE
Application Security Analyst with .NET C# development background
100% remote
Our client is a world-renowned professional services company with an immediate need for a Software Security Analyst. The role will be based out of their NJ office but can be 100% remote! This is a long-term contract and is open to C2C or W2.
The Software Security (Secure Code) Analyst will be responsible for identifying and tracking software vulnerabilities, in addition to recommending design changes to ensure the secure implementation of software solutions with minimal technical risk. The candidate will work to identify, triage, and provide remediation guidance for vulnerabilities within software applications and systems using various tools, techniques, approaches and methodologies.
Responsibilities:
- Primary responsibility is to find defects and vulnerabilities, using automated tools for static and dynamic analysis of software. Examples include Fortify On-Demand, WebInspect, Qualys, Application Insights.
- Act as SME for secure coding, leveraging proficiency in .NET programming languages and frameworks (e.g. C#, ASP.NET, MVC, jQuery, TypeScript, Angular, and Bootstrap).
Required skills:
- 9-12 years of relevant application development and IT security experience.
- Experience in supporting software application and system code security assessments using automated tools (i.e., Fortify and Fortify On-Demand).
- In-depth experience and knowledge of security concepts, threats, threat modeling, vulnerability exploitation, and common website and application vulnerabilities including, but not limited to, SQL injection, cross-site scripting (XSS) and session management.
- Experience or knowledge of Fortify, Fortify On-Demand, WebInspect, Qualys, Visual Studio Team Suite, and Azure.
- Experience with Microsoft technologies such as C# and ASP.NET, as well as common open source code (Bootstrap, jQuery, Angular, TypeScript, etc.).
- Experience with integrating SCA code scanning into the build process and approaches for integration into CI/CD methodologies; experience with DevOps/Agile environments and delivery models.
- Code scanning and assessment experience – Manual/Automated/Static/Dynamic using Fortify and Fortify On-Demand.
- Bachelor’s degree in Computer Science(s), Information Technology/Security, Systems Engineering or similar area.
- Professional certifications in information technology security; Certified Information Systems Security Professional (CISSP) preferred.