Security Analyst

As an Application Security Analyst at our company, your role will involve identifying and reporting vulnerability issues in DAST and managing SAST, SCA, and Vulnerability Management. You will be responsible for various tasks including web application security testing, identifying SQL injections, XSS, CSRF, authentication, and OWASP top 10 issues. It is essential to maintain expertise in both commercial and open-source tools such as BurpSuite, AppScan, WebInspect, OWASP ZAP, and more. Your responsibilities will also include reproducing external pentest issues, reviewing reports, analyzing scan results, contributing to Bill of Material monitoring, collaborating on license approval, and assisting with security incident alerts. Key Responsibilities: - Conduct web application security testing and assessments - Identify and address various security issues including SQL injections, XSS, CSRF, and authentication - Maintain expertise in security technologies and tools such as BurpSuite, AppScan, OWASP ZAP, and more - Reproduce and report identified vulnerabilities from external pentest issues - Review external pentest reports and work with the team to reproduce use cases - Analyze and report vulnerabilities from DAST, SAST, SCA, and vulnerability management tools - Assist in investigating zero-day vulnerabilities and provide relevant data for further processing - Automate security testing tasks and contribute to process improvement ideas - Participate in on-call support rotation for after-hours coverage Qualifications Required: - Bachelor's degree in Information Technology or Computer Science - Expertise in identifying and exploiting business logic and framework-related vulnerabilities - Extensive experience in analyzing dynamic scan reports and removing false positives - Knowledge of Secure SDLC and security standards like OWASP, CWE, NIST, OSSTMM - Minimum 5 years of relevant experience - Working understanding of Agile Development processes - Strong written and verbal communication skills - Good troubleshooting skills - Excellent teaching, problem-solving, and interpersonal skills Additionally, you will need skills in data security, understanding security trends and techniques, application security, communication, dependability, reliability, initiative, time management, data analysis, oral and written communication, and Jiva product knowledge. Competencies in network security, physical and environmental security, problem-solving, quality, system security, vulnerability assessment, internet security systems, and penetration testing are also required for this role.,