Application Security Analyst -DMDC Program - Secret

13 Jan 2024
California, Seaside, 93955 Seaside USA

Vacancy expired!

Application Security Analyst to join our project located in Seaside, CA. The Security Analyst will support the application security tools and processes and CYBERCOM/JFHQ analyst functions. Our client’s current suite of AppSec tools consists of Sonatype, Fortify, WebInspect, and Burp. The candidate of choice will need to be highly organized, detail-oriented, and dedicated, with a self-driven desire to research the current information security landscape, and will display a security analyst mindset with a natural curiosity about data.

Essential Functions and Responsibilities:
  • Improve enterprise security posture through close collaboration with teams to ensure the adoption of security best practices across the entire application lifecycle
  • Implement policies in AppSec tools suite in accordance with security best practices
  • Conduct security reviews of application scan results
  • Conduct security reviews of applications and CYBERCOM/JFHQ POA&Ms
  • Track POA&M status
  • Review and approve application(s) for promotion to production environment
  • Provide recommendations for prioritization based upon existing controls
  • Ensure authorized access for all AppSec tools
  • Monitor and process AppSec ticket(s), such as but not limited to account management, application promotions to production, scan requests, inquiries, etc.
  • Track, measure and evaluate application security compliance across the enterprise
  • Conduct security evaluations of recommended vendor software for the enterprise
  • Collaborate with AppSec tool suite vendors
  • Coordinate with stakeholders to schedule and test AppSec tools’ upgrades and maintenance
  • Maintain schedule and perform scans of web sites using specified tools as directed
  • Perform AppSec tools daily monitoring
  • Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
  • Demonstrate a strong knowledge and understanding of current security threats, techniques, and landscape
  • Create and maintain SOPs for Fortify, Sonatype, WebInspect, Burp Suite, and Software Security Center
  • Create and maintain CYBERCOM/JFHQ process documentation
  • Assist in the review of CYBERCOM/JFHQ Operation Orders, Task Orders, IAVM and VDP notifications and enterprise coordination and compliance with such directives/orders
  • Facilitate AppSec & CYBERCOM/JFHQ meetings, and prepare meeting minutes
  • Prepare and present weekly presentation status slides

Education:
BA/BS or equivalent work experience

Required Skills/Qualifications:
  • Must have one of the following certifications: CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO
  • Experience in at least one: Fortify, Sonatype, WebInspect, or Burp
  • Minimum 2 years cybersecurity experience
  • Must be a and have a Secret clearance with SSBI with the ability to obtain and maintain a Top Secret clearance
  • Excellent communication and analytical skills

Desired Skills/Qualifications:
  • Fortify, Sonatype, WebInspect, and/or Burp Suite experience
  • Hands-on experience in scripting such as PowerShell, Python, or Bash
  • Software vulnerability knowledge
  • Microsoft, Linux, Java, C or CEH certification
  • Understanding of Software Development Lifecycle
  • Strong technical writing skills
  • Very organized and detail-oriented. All requests will be time sensitive with short turnarounds.

Job Details

  • ID
    JC8133824
  • State
  • City
  • Job type
    Permanent
  • Salary
    Depends on Experience
  • Hiring Company
    ASD, Inc.
  • Date
    2021-01-12
  • Deadline
    2021-03-13
  • Category
