Application Security Analyst - Developer Focused (Remote) @ ASRC Federal | Jobright.ai

ASRC Federal · 7 hours ago

Application Security Analyst - Developer Focused (Remote)

Consulting, Government
No H1B · Security Clearance Required

Responsibilities

Collaborate with development teams to shift security left in the software development life cycle, ensuring that security is integrated throughout the development process
Analyze the validity of vulnerabilities identified by Fortify SSC, Sonatype and other SAST, DAST, OAST, IAST, and RAST tools and provide feedback to the developer and/or product owner.
Prioritize based on overall impact to risk and identified repeatable methodologies
Evaluate mitigation strategies and ensure they are appropriate to the initial finding; provide rationale when a finding is erroneously categorized
Coordinate and maintain vulnerability management, testing, and infrastructure compliance
Prepare and present weekly and monthly presentation statuses and facilitate AppSec cross-division meetings
Ensure AppSec tools’ system availability, functionality, and system configuration including DoD STIG implementation, compliance, and remediation
Create and maintain SOPs, TTPs, checklists, etc., to address software vulnerabilities
Support Cybersecurity reviews, including generation of security artifacts, such as security plans, POA&M, and security CONOPS

Qualification

Application Security, SAST, DAST, Vulnerability Management, Static Analysis, Dynamic Analysis, Open-source Scanning, Fortify, Sonatype, WebInspect, Burp Suite, Vulnerability Scanning, DoD STIG Compliance, Security Artifacts Generation, DoD 8570 Certification, Security Best Practices

Required

Active Secret Clearance
7+ years of application security experience, such as the management and operations of Static, Dynamic, open-source, and web vulnerability scanning, and/or manual review of source code for vulnerabilities
Experience working with development teams to secure code, not just scanning for vulnerabilities
Bachelor’s degree in computer science, related field or equivalent experience
Demonstrate and maintain knowledge to meet DoD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification
Fluent with security testing with SAST, DAST, IAST, and other methodologies, experience with Fortify, Sonatype, WebInspect, or Burp Suite or comparable tools
Ability to clearly and effectively communicate concerns and issues to technical and non-technical stakeholders
Excellent written communication skills
Demonstrated experience in developing, documenting, and maintaining security applications/tools and procedures/standards
In-depth knowledge of security vulnerabilities, attack vectors, mitigation techniques, and best practices

Preferred

Experience in application development is a plus

Benefits

Learning and Development: After 90 days of employment, regular full-time employees can get reimbursed up to $5,250 annually to go towards Associate’s, Bachelor’s or Graduate Degrees; Industry standard professional certification; A professional certificate program; Continuing education classes; and Registration fees to attend professional conferences.
Employee Resource Groups: That provide our employees the opportunity to collaborate and network with colleagues with common interests, backgrounds, and experiences including Women's Impact Network (WIN), Multicultural ERG, Military Community (MILCOM), and Pride ERG for LGBTQ+ employees and allies.
Purpose Driven Careers: Certified Great Place to Work™; Certified Military Times' 'Best for Vets' and Military.com ‘Top 25 Veteran Employer.’
Benefits: Comprehensive insurance packages including medical, dental, vision, life insurance, and short term/long term disability, as well as a 401K with generous company match and immediate vesting.

Company

ASRC Federal

ASRC Federal provides mission-critical services to federal government agencies dedicated to defense, civil and intelligence support.

Funding

Current Stage: Late Stage

Leadership Team

Jennifer Felix
President and Chief Executive Officer
Joseph Winthrop
Chief Financial Officer
Company data provided by crunchbase