Work Location: ALPHARETTA GA 30005
Request Title: Sr. Product / Application Security Analyst
Desired Start Date: ASAP
End Date: 7/1/2017
Is this position contract to hire?: YES
Local Candidate Required?: YES
MANAGER UPDATE: I need candidates with actual software / code testing and software/application security experience. IT Ops centric backgrounds / experience do not fulfill my requirements.
May work from home. Must be based in the greater Atlanta area.
This is a “consultative” role: the successful candidate is able to analyze security analysis results, interpret risk and aid software product owners in prioritizing remediation efforts. Must have excellent written, oral and presentation skills. Also, a fundamental understanding of application development is key.
Day to Day Responsibilities:
- Coordinate and conduct secure development consults to aid development teams in prioritizing remediation
- Analyze application security analysis results (e.g. SAST, IAST, Static Binary/Source Code, Dynamic and Manual Pen Test, etc.) to assess risk and aid in prioritizing remediation efforts
- Consult around use of automated analysis tools (e.g. Veracode, Coverity, etc.) and aid software group on interpreting results and prioritizing remediation strategies
- Consult around secure development standards and best practices (e.g. OWASP, SANS, ISACA, CERT, etc.)
- Fundamental knowledge of various software development methods and methodologies (e.g. Agile, XP, Waterfall, SCRUM, etc.)
- Interpret data and create risk-centric presentations intended for both technical and non-technical audiences
- Consult around identifying and implementing compensating controls
- Interpret policy and consult on specific guidance to achieve adherence
Additional Skills: Must have some experience with: (1) creating and critically reviewing application / software threat models; (2) software security vulnerability prioritization using models such as DREAD and STRIDE.
4+ years' experience in administering software-centric security controls in an organization
Good oral/written communications
Excellent working knowledge of software security standards and development lifecycle methods
Software development and quality assurance testing experience
IT Systems: SharePoint Administration; MS SQL & IIS Administration, and MySQL
High proficiency with MS Office productivity applications and Visio
Additional Knowledge & Skills:
Veracode, Coverity, HP Fortify, Checkmarx, AppScan, WebInspect analysis solutions
HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools
Application lifecycle management capabilities
4-year degree in computer science or related field or equivalent experience
Primus Software Corporation
Direct: 678-466-6853 | Fax: 770-234-4163