ASRC Federal · 10 hours ago
Application Security Analyst - Developer Focused (Remote)
Consulting · Government
No H1B · Security Clearance Required
Responsibilities
Collaborate with development teams to shift security left in the software development life cycle, ensuring that security is integrated throughout the development process
Analyze the validity of vulnerabilities identified by Fortify SSC, Sonatype and other SAST, DAST, OAST, IAST, and RAST tools and provide feedback to the developer and/or product owner.
Prioritize based on overall impact to risk and identified repeatable methodologies
Evaluate mitigation strategies and ensure they are appropriate to the initial finding; provide rationale when a finding is erroneously categorized
Coordinate and maintain vulnerability management, testing, and infrastructure compliance
Prepare and present weekly and monthly presentation statuses and facilitate AppSec cross-division meetings
Ensure AppSec tools’ system availability, functionality, and system configuration including DoD STIG implementation, compliance, and remediation
Create and maintain SOPs, TTPs, checklists, etc., to address software vulnerabilities
Support Cybersecurity reviews, including generation of security artifacts, such as security plans, POA&M, and security CONOPS
Qualification
Required
Active Secret Clearance
7+ years of application security experience, such as the management and operations of Static, Dynamic, open-source, and web vulnerability scanning, and/or manual review of source code for vulnerabilities
Experience working with development teams to secure code, not just scanning for vulnerabilities
Bachelor’s degree in computer science, related field or equivalent experience
Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification
Fluent with security testing with SAST, DAST, IAST, and other methodologies, experience with Fortify, Sonatype, WebInspect, or Burp Suite or comparable tools
Ability to clearly and effectively communicate concerns and issues to technical and non-technical stakeholders
Excellent written communication skills
Demonstrated experience in developing, documenting, and maintaining security applications/tools and procedures/standards
In-depth knowledge of security vulnerabilities, attack vectors, mitigation techniques, and best practices
Preferred
Experience in application development is a plus
Benefits
Learning and Development: After 90 days of employment, regular full-time employees can get reimbursed up to $5,250 annually to go towards Associate’s, Bachelor’s or Graduate Degrees; Industry standard professional certification; A professional certificate program; Continuing education classes; and Registration fees to attend professional conferences.
Employee Resource Groups: These provide our employees the opportunity to collaborate and network with colleagues with common interests, backgrounds, and experiences, including Women's Impact Network (WIN), Multicultural ERG, Military Community (MILCOM), and Pride ERG for LGBTQ+ employees and allies.
Purpose Driven Careers: Certified Great Place to Work™; Certified Military Times' 'Best for Vets' and Military.com ‘Top 25 Veteran Employer.’
Benefits: Comprehensive insurance packages including medical, dental, vision, life insurance, and short term/long term disability, as well as a 401K with generous company match and immediate vesting.
Company
ASRC Federal
ASRC Federal provides mission-critical services to federal government agencies dedicated to defense, civil and intelligence support.
Funding
Current Stage
Late Stage
Company data provided by crunchbase