Sr. Application Security Analyst
As a Sr. Application Security Analyst, you will perform application security assessments in a SecDevOps continuous integration and continuous deployment (CI/CD) environment in support of client cybersecurity efforts. Perform activities, including assessment planning, analysis, and reporting. Select, configure, and operate applicable tools, including static analysis and dynamic analysis together with supporting processes. Provide application security results in the context of broader cybersecurity efforts, including the Risk Management Framework (RMF). Provide guidance to colleagues and clients on application security life cycle best practices. Work independently with some guidance and review or guide activities of junior employees, as needed. This position is open to remote delivery from any location in the U.S., to include the District of Columbia.
- 4+ years of experience with technical IT, including application security and application architecture
- 2+ years of experience with performing application security reviews
- 2+ years of experience with software development using two or more of the following development components: GIT, Fortify, SonarQube, Chef, Docker, Splunk, OpenShift, Kubernetes, OKTA, F5 APM, ADFS, and MVision CASB
- Experience with developing security user stories for application agile/DevSecOps design and coding sprints
- Experience with managing a software development project team
- Experience with system application development in cloud environments, including Azure and AWS
- Experience with both DAST and SAST testing tools, including Nexus, Fortify, and SoapUI
- Knowledge of NIST and FIPS security controls, DoD STIGs, and CIS standards
- Ability to obtain a security clearance
- BA or BS degree
- Experience with performing security reviews for federal IT systems
- Knowledge of application development frameworks, including STRUTS, LAMP, Angular, and .NET
- Ability to work as an independent security practitioner and participate in a small team of security personnel reviewing the same system
- Ability to communicate effectively both verbally and in writing
- Ability to organize, analyze, and write technical documents that can be understood by non-technical individuals
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.