Application Security Analyst

Posted on April 8, 2026 by ZebraEdge, Inc.

  • fulltime, contract

JOB TITLE: Application Security Analyst

JOB LOCATION: The services will be performed under hourly rate contracts within the GSA contract guidelines. These services, where on-site presence of the Contractor is required, MUST be provided at the DSS/ITS Data Center located at 505 Clermont Ave, 3rd Floor, Brooklyn, NY 11238 or alternate DSS locations within the five boroughs of the New York City area, as determined by DSS.

PLEASE SUBMIT YOUR RESUME USING THE FOLLOWING INSTRUCTIONS:

Resume MUST BE restricted to a maximum of 2 pages

Resume MUST BE in MS WORD format

Please provide two (2) references (Full Name, Email and Phone Number)

NOTE: References are needed for submission of resumes to the end client. The client does NOT contact references until you are interviewed for the job.

TASKS & DUTIES:

· Objective:

o Audit, analyze, and accredit HRA/DSS/DHS Applications being moved as part of the Data Center Migration Project.

· Scope/Tasks Breakdown:

o Evaluate Application vulnerability scan reports

o Document application vulnerabilities found in scan reports and define vulnerability mitigation SLAs

o Assess if the application vulnerabilities found in scan reports are within the Agency Risk Appetite

o Communicate and report application vulnerability findings to Business Owner(s) and IT Heads

o Develop application vulnerability mitigation strategy and mitigation controls to make the applications secure within the agency infrastructure environment

o Evaluate mitigated application vulnerabilities with development teams to perform security accreditation for production deployment

o Enforce Risk Acceptance Letter for applications seeking production deployment with unmitigated application vulnerabilities requiring approval from Business Owner(s), IT Head and CISO

Required Skills

· 8+ years of experience in Application Security & Industry Standards (OWASP, NIST)

· 8+ years of experience in Secure Software Development Life Cycle (SSDLC)

· 8+ years of experience in Threat Modelling & Risk Assessments

· 5+ years of experience in Application Scanning for Vulnerabilities (SAST, DAST)

· 8+ years of experience in Integration of Security in CI/CD Pipeline, DevOps, DevSecOps (Azure, Jenkins)

· 8+ years of experience in API Security & Access Controls (OAuth, SAML, SSO)

· 8+ years of experience in Cloud Security

· 8+ years of experience in Security Frameworks (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)

· 8+ years of experience in Vulnerability Management & Penetration Testing

· 8+ years of experience in Incident Response & Security Operations

· 8+ years of experience in Security Training & Awareness

· 8+ years of experience in Agile Environment Collaboration

· 8+ years of experience in Project Management

· 8+ years of experience in Cross-Functional Team Collaboration

· 8+ years of experience in Client Engagement & Communication

· 8+ years of experience with Operating Systems: Windows Server, Apache, Microsoft IIS, Windows, Linux, VMware, Citrix

· 8+ years of experience with Technology Stack: ASP, .NET, Visual Basic.NET, Visual Basic, ColdFusion, JavaScript, HTML, C++, C#, MS PowerApps, Python, PowerShell, Shell Scripting, Selenium

· 8+ years of experience with Security Tools — Must Have: Veracode, IBM AppScan, SD Elements, Burp Suite

· 8+ years of experience with Security Tools — Plus to Have: Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7, STRIDE

Job Types: Full-time, Contract

Experience:

  • OWASP, NIST: 8 years (Preferred)
  • SSDLC: 8 years (Preferred)
  • Threat Modelling & Risk Assessments: 8 years (Preferred)
  • Application Scanning for Vulnerabilities (SAST, DAST): 8 years (Preferred)
  • CI/CD Pipeline, DevOps, DevSecOps (Azure, Jenkins): 8 years (Preferred)
  • API Security & Access Controls (OAuth, SAML, SSO): 8 years (Preferred)
  • Cloud Security: 8 years (Preferred)
  • NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP: 8 years (Preferred)
  • Vulnerability Management & Penetration Testing: 8 years (Preferred)
  • Agile Environment Collaboration: 8 years (Preferred)
  • Project Management: 8 years (Preferred)
  • Operating Systems: Windows Server, Apache, Microsoft IIS: 8 years (Preferred)
  • ASP, .NET, Visual Basic.NET, Visual Basic, ColdFusion: 8 years (Preferred)
  • JavaScript, HTML, C++, C#, MS PowerApps, Python: 8 years (Preferred)

Work Location: In person


Advertised until:
May 8, 2026

