Remote Application Security Analyst

closed
GuidePoint Security

Remote - United States

Job highlights

Summary

Join GuidePoint Security, a rapidly growing and profitable company, as an Application Security Engineer to operate client SAST/DAST/SCA tools, implement integrations, perform vulnerability assessments, and provide guidance. With a focus on application security, you will work with our team to identify threats, optimize resources, and integrate best-fit solutions.

Requirements

  • At least 12 months of experience working in an Application Security focused position or supporting SAST/DAST/SCA tools
  • Solid knowledge of manual testing tools such as Burp Suite Professional, OWASP ZAP
  • Knowledge of and experience with SAST/DAST/SCA Application Security tools such as BlackDuck, Bright, Burp Suite, Checkmarx, GitHub Advanced Security, Invicti, Mend, Netsparker, OpenText Fortify, Snyk, Veracode, etc.
  • Experience integrating security tools into pipelines
  • Understanding of a broad range of Application Security vulnerabilities as well as their mitigation strategies with a focus on OWASP Top 10 and API Top 10
  • Experience with reviewing source code written in JavaScript, Python, Java, C++, PHP, or C# a plus
  • Excellent written and verbal communication skills for client interaction with an ability to clearly articulate thoughts and distill complex problems into digestible pieces of information
  • Personal drive and passion to not only continue growing yourself but also the Application Security Engineering practice
  • Bachelor's degree in Computer Science or Information Security (preferred)
  • Standard relevant AppSec certifications such as those by SANS, Offensive Security, INE, or CompTIA (preferred)

Responsibilities

  • Operate client SAST/DAST/SCA tools
  • Initiate scans
  • Review security findings
  • Create security tickets
  • Perform remediation verification
  • Provide guidance to development throughout the vulnerability lifecycle
  • Implement integrations for tools into pipelines, ticketing systems, etc.
  • Perform manual API and web application vulnerability assessments
  • Perform secure code reviews to identify vulnerabilities

Benefits

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
  • 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option
This job is filled or no longer available
