Application Security Analyst

Job Description Summary – GIS Application Security Analyst 

The Application Security Analyst will play a critical role in protecting our software applications by identifying potential threats, performing security testing, and collaborating with development teams to remediate vulnerabilities. The ideal candidate will have at least 5 years of experience in application security and be familiar with various security testing methodologies, secure coding practices, and vulnerability management processes. 

Responsibilities 

1. Security Testing: 

• • Conduct comprehensive security tests on applications, including product penetration testing, static and dynamic code analysis, and vulnerability scanning. 
  • Utilize various security tools and techniques to identify and address security weaknesses in our software products. 

2. Threat Modeling: 

• Analyze applications to identify potential threats and vulnerabilities. 
• Develop and prioritize areas for security testing based on identified threats and potential impact. 

3. Vulnerability Management: 

• Identify, document, and track vulnerabilities discovered during security testing. 
• Communicate vulnerabilities to development teams and work collaboratively to remediate identified issues. 
• Own the patch release process 

4. Secure Code Review: 

• Perform secure code reviews to detect security flaws, backdoors, and other vulnerabilities in application code. 
• Provide actionable feedback to development teams for improving code security.

5. Automated Security Testing: 

• Integrate and maintain automated security tools within the CI/CD pipeline. 
• Ensure continuous monitoring and testing of applications for security vulnerabilities. 

6. Reporting and Documentation: 

• Provide detailed reports on security testing efforts, including findings, metrics, and remediation recommendations. 
• Maintain comprehensive documentation of security assessments and remediation activities. 

7. Collaboration with Veeam R&D: 

• Partner with the Research and Development (R&D) team to develop and integrate security processes into the Software Development Lifecycle (SDLC). 
• Work closely with R&D to ensure security best practices are embedded in the development process. 

Qualifications 

• Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CEH, CISSP, OSEE, OSED, OSCP) are a plus. 
• Minimum of 5 years of experience in application security, including security testing, threat modeling, and vulnerability management. 
• Ability to obtain and maintain a US Government TS/SCI security clearance. 
• Strong knowledge of secure coding practices, software development, and security assessment tools. 
• In-depth understanding of the Secure DEVOPS process 
• Familiarity with multiple languages including: C#, .NET, C++, python 
• Experience with automated security testing tools and integrating security into CI/CD pipelines. 
• Familiarity with common security frameworks and standards, such as OWASP, NIST, and ISO 27001. 
• Familiar with different threat modeling methodologies such as PASTA, STRIDE, etc 
• Able to perform detailed secure code reviews and provide constructive feedback. 
• Excellent communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams. 
• Strong analytical and problem-solving skills, with attention to detail. 
• Ability to stay current with the latest security trends, vulnerabilities, and threat landscapes. 

Benefits

• Unlimited PTO
• Medical, dental, and vision benefits that start on day one
• Flexible spending accounts
• Life insurance and short-term and long-term disability coverage
• Family planning support benefits, along with 100% paid maternity and parental leave
• 401k match
• Veeam Care Days – additional 24 hours for your volunteering activities
• Professional training and education, including courses and workshops, internal meetups, and unlimited access to our online learning platforms (Percipio, Athena, O’Reilly) and mentoring through our MentorLab program.

#LI-Remote

#LI-JW1