Senior Vulnerability Code Analyst
Job Description
Senior Vulnerability Code Analyst with Ruby on Rails Experience
Location: Washington, DC (Remote with potential onsite requirements)
Reports To: Chief Information Security Officer (CISO)
Contract Type: Labor-Hour
Position Summary:
The Senior Vulnerability Code Analyst is responsible for performing comprehensive vulnerability code analysis on the HBX's platforms, primarily developed in Ruby on Rails. This role requires deep technical expertise in both Ruby on Rails and secure coding practices to ensure that all code changes undergo thorough security review before deployment.
Key Responsibilities:
- Vulnerability Analysis:
  - Perform static and dynamic code analysis using tools such as Fortify, Checkmarx, Veracode, SonarQube, and Burp Suite.
  - Analyze HBX's Ruby on Rails codebase for security vulnerabilities and ensure that secure coding practices are followed.
  - Conduct threat modeling and risk assessments for new and existing code.
- Remediation Support:
  - Collaborate with development teams to manage the vulnerability remediation process, providing guidance on fixing security issues.
  - Ensure compliance with industry-standard security practices (e.g., OWASP Top Ten, CWE/SANS Top 25).
- Security Awareness:
  - Lead efforts to incorporate secure coding practices into the software development lifecycle (SDLC).
  - Develop and deliver training on secure coding to development teams.
Required Qualifications:
- Technical Skills:
  - Proficiency in Ruby and familiarity with other programming languages such as PHP, Bash, PowerShell, and Python.
  - Expertise in using static and dynamic code analysis tools (e.g., Fortify, Checkmarx, Veracode, SonarQube, Burp Suite).
  - Strong understanding of common cybersecurity vulnerabilities and attack vectors.
- Certifications:
  - Preferred: Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), Certified Secure Software Lifecycle Professional (CSSLP).
Experience:
- Extensive experience in vulnerability management, threat modeling, and risk assessment.
- Proven track record in leading vulnerability remediation efforts in a complex software environment.
Personal Attributes:
- Strong analytical and problem-solving skills.
- Excellent communication skills, with the ability to articulate security issues to both technical and non-technical audiences.
Salary:
- Competitive, commensurate with experience.
Application Process: Interested candidates should submit a resume and cover letter outlining their qualifications and experience as it relates to the Senior Vulnerability Code Analyst position.