Information Security Analyst

Key Responsibilities:

• Analyze code scan output from Veracode and SonarQube, along with remediation recommendations from these tools.
• Assess security risks associated with code vulnerabilities and develop a prioritization strategy that mitigates the most critical issues efficiently.
• Convert scan results and remediation recommendations into well-defined stories within Atlassian Jira, aligning with the Scaled Agile Framework (SAFe) for collaboration with development teams.
• Draft policies, procedures, and best practices for publication in Atlassian Confluence to ensure consistent security practices across the organization.
• Monitor and validate the completion of all remediation work through subsequent code scans.
• Provide regular progress updates to the information security manager.
• Collaborate with development teams to implement secure coding practices and address identified vulnerabilities.

Required Skills and Experience:

• 2-5 years of experience in information security, with a focus on code and vulnerability analysis.
• Strong knowledge of manual audit, code reviews, and remediation techniques.
• Proficiency in using Veracode and SonarQube toolsets for code scanning and vulnerability assessment.
• Expertise in Java programming language and familiarity with secure coding standards and guidelines such as OWASP Top Ten, CERT/CC, MITRE, Sun, and NIST.
• Experience working with Atlassian toolsets, particularly Jira, ServiceDesk, and Confluence.
• Understanding of authentication, authorization, session management, and secure communication mechanisms.
• Familiarity with Windows and Linux operating systems.
• Experience working with ORACLE and MSSQL databases.
• Knowledge of third-party library security analysis and the ability to identify potential security leaks.
• Excellent problem-solving and analytical skills, with the ability to translate technical findings into actionable tasks for development teams.
• Strong communication and collaboration skills to effectively work with cross-functional teams.

Preferred Qualifications:

• Relevant certifications such as CISSP, CSSLP, or CEH are a plus.
• Experience with automated security testing tools and continuous integration/continuous deployment (CI/CD) pipelines.
• Knowledge of additional programming languages such as Python, C++, or C#.
• Familiarity with cloud security best practices and securing cloud-based applications.

Job Type: Contract

Pay: $40.00 - $42.00 per hour

Expected hours: 40 per week

Benefits:

• Paid time off

Schedule:

• Monday to Friday

Education:

• Bachelor's (Required)

Experience:

• Information security code analysis and review: 3 years (Required)
• Java and secure coding standards: 3 years (Required)
• Veracode: 3 years (Required)
• Atlassian toolset Jira, ServiceDesk and Confluence: 3 years (Required)
• CISSP, CSSLP or CEH certifications: 1 year (Preferred)

Work Location: Remote