Information Security Analyst Senior - Static Code Analyst

Location: McLean, VA


6 Months and Open for Extension
The Position will start as REMOTE until we come out of Covid-19 Pandemic
 
Technical Must Haves:
  1. Experience with Fortify - Specifically, with AWB, SSC, and SCA. JAVA - ability to work as an analyst is required, development experience preferred. Custom Filters. Git/Bitbucket. 
  2. Ideally hands-on experience or at least familiarity with vulnerability mgmt governance and process.
  3. Please describe any and all experience with Fortify AWB, SSC, and SCA. 
Position Description:
  • Self-motivated Static Code Analyst with a focus and passion on working with application development teams to remediate software vulnerabilities and educate teams on secure coding practices.
  • Deep understanding of OWASP Top 10 and other categories of vulnerabilities.
  • In-depth understanding of Fortify Source Code Analyzer to perform secure code reviews
  • In-depth understanding of using Fortify AWB and SSCAbility to quickly and correctly identify false-positives from Fortify SCA scan outputs.
  • Must have experience with using custom filtersMust be experienced in analyzing Java code and good familiarity with common modern Java development tech stacks e.g. Spring MVC, and Spring Boot., Jenkins, Angular, NodejsMust have experience with Git/Bitbucket.
  • Experience in Java Server side Development - is preferred
  • Must be able to develop shell scripts using regex as well as python
  • Understands Vulnerability management and Governance processAbility to balance multiple SAST (Static Application Security Testing) requests at once.