Talent.com
IN DWD - Information Security Analyst - Code and Vulnerability Analysis

IN DWD - Information Security Analyst - Code and Vulnerability Analysis

Lorven TechnologiesIndianapolis, Indiana, United States
job_description.job_card.30_days_ago
serp_jobs.job_preview.job_type
  • serp_jobs.job_card.full_time
job_description.job_card.job_description

Position : IN DWD - Information Security Analyst - Code and Vulnerability Analysis

Location : Remote

Contract

Pay Rate : $42 / hr on W2

  • Candidate can use their own equipment, as long as that equipment is able to run Amazon Workspaces for connection into the state network. Please confirm if candidate will be using their own equipment or if they will need state equipment.
  • Only 1 Slot Open

Key Responsibilities :

  • Analyze code scan output from Veracode and SonarQube, along with remediation recommendations from these tools.
  • Assess security risks associated with code vulnerabilities and develop a prioritization strategy that mitigates the most critical issues efficiently.
  • Convert scan results and remediation recommendations into well-defined stories within Atlassian Jira, aligning with the Scaled Agile Framework (SAFe) for collaboration with development teams.
  • Draft policies, procedures, and best practices for publication in Atlassian Confluence to ensure consistent security practices across the organization.
  • Monitor and validate the completion of all remediation work through subsequent code scans.
  • Provide regular progress updates to the information security manager.
  • Collaborate with development teams to implement secure coding practices and address identified vulnerabilities.

    • Required Skills and Experience :

  • 2-5 years of experience in information security, with a focus on code and vulnerability analysis.
  • Strong knowledge of manual audit, code reviews, and remediation techniques.
  • Proficiency in using Veracode and SonarQube toolsets for code scanning and vulnerability assessment.
  • Expertise in Java programming language and familiarity with secure coding standards and guidelines such as OWASP Top Ten, CERT / CC, MITRE, Sun, and NIST.
  • Experience working with Atlassian toolsets, particularly Jira, Service Desk, and Confluence.
  • Understanding of authentication, authorization, session management, and secure communication mechanisms.
  • Familiarity with Windows and Linux operating systems.
  • Experience working with ORACLE and MSSQL databases.
  • Knowledge of third-party library security analysis and the ability to identify potential security leaks.
  • Excellent problem-solving and analytical skills, with the ability to translate technical findings into actionable tasks for development teams.
  • Strong communication and collaboration skills to effectively work with cross-functional teams.

    • Preferred Qualifications :

  • Relevant certifications such as CISSP, CSSLP, or CEH are a plus.
  • Experience with automated security testing tools and continuous integration / continuous deployment (CI / CD) pipelines.
  • Knowledge of additional programming languages such as Python, C++, or C#.
  • Familiarity with cloud security best practices and securing cloud-based applications.

    • Skill

    Required / Desired

    Amount

    of Experience

    Information security code analysis and review

    Required

    Years

    Java and secure coding standards

    Required

    Years

    Veracode

    Required

    Years

    Atlassian toolset with focus on Jira, Service Desk and Confluence

    Required

    Years

    SonarQube

    Nice to have

    Years

    CISSP, CSSLP or CEH certifications

    Nice to have

    serp_jobs.job_alerts.create_a_job

    Information Security Analyst • Indianapolis, Indiana, United States