
Vulnerability Analyst

St. Louis (Hybrid), MO

Posted: 11/14/2023 Job Number: KC563995921

Job Description

Vulnerability Analyst
 Development Background
 Secure code review (ex: Checkmarx SAST/SCA)
 Builder Tools (ex: Artifactory/Xray, Bitbucket, Jenkins)
 Nice to have: Automation, Analytical, Dashboards, Splunk, DAST/IAST & Application Pen testing
 Overview: Seeking Senior DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST), software composition analysis (SCA) and Artifact Vulnerability Management. Candidate must have experience in performing application security code review, open-source vulnerability management, and building and improving the SSDLC process in an enterprise environment. Experience with black box, grey box, white box and penetration testing is desired.
 Responsibilities: 
  1. Perform secure source code review and software composition analysis for the proprietary applications (web, mobile, web service, etc.). The assessment may involve manual testing and analysis as well as use of automated application vulnerability scanning/testing tools.
  2. Support the development, evaluation and implementation of static application security testing, libraries, secure container, Infrastructure as code, orchestration, vulnerability management process, tools integration and automation.
  3. Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies.
  4. Assist in setting the strategic direction for application security and vulnerability management programs across the enterprise.
  5. Support CI/CD and build pipelines with an understanding of quality and security gates and enable integration of automated solutions to increase security posture.
  6. Responsible for the use and operational maintenance of application security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.
  7. Develop, enhance, and provide input into development of KPI, KRI and other metrics.
  8. Understand and implement security policies, standards, industry best practices and compliance requirements
  9. Take the lead on medium-size projects. Ability to create business and technical requirements for project and implementation plan.
  10. Responsible for project documentation, including maintaining technical documents and business requirements
  11. Strong communication and technical skills with the ability to communicate between business and technical stakeholders
 Experience: 
  1. Hands-on experience in application secure source code review, software composition analysis, open-source library and artifact vulnerability management
  2. Prior experience writing code in one or more languages: Java, .Net, Groovy, Python and PowerShell is desired
  3. Knowledge of secure software development life cycle (SSDLC), CI/CD pipeline, Container, Cloud, DevSecOps and SSDLC process automation is desired
  4. Experience with the following source code repositories, build systems and Artifactory is a plus: SVN, Git, Bitbucket, Jenkins and JFrog Artifactory.
  5. Familiar with common frameworks, spanning frontend, backend and package managers (Angular, Bootstrap, Node, Struts, Spring, .NET MVC, Maven, npm, NuGet etc.).
  6. Familiar with data analytics and dashboard development using Splunk, Domo and Alteryx
  7. Strong relationship building skills and collaborative style to enable success across multiple partners is desired
  8. Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
  9. Familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, Schrems II, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000
 

Additional Information

Envision, LLC is proud to be an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Meet Your Recruiter

Joe Migdal

Open-minded individual with a background in sales and marketing. Golfed professionally all over the world from 2015-2018. Golfing has provided me with the discipline required in today's workforce to take each challenge thrown at me and give it my all. I am always open to new opportunities and to network with individuals in my area. Currently working as a Senior IT Staffing Consultant at Envision LLC.
