Posted: 2 months ago
Work from Office
Full Time
Role & responsibilities

Proficient in using the static code analysis tool Veracode.
Updated scan statuses and escalated issues to management as necessary, ensuring swift resolution.
Collaborated with cross-functional teams to address security concerns and implement proactive measures.
Assisted in the development and execution of vulnerability management strategies.
Conducted beginner-level web application security and penetration testing through manual testing techniques.
Gained practical experience in information security practices and principles.
Assisted in compliance efforts related to PCI, GLBA, SOX, and other regulatory standards.
Developed beginner-level Windows and Unix skills, enhancing the ability to work with diverse technology stacks.
Improved communication and written documentation skills through daily interactions and reporting.
Displayed beginner-level leadership qualities, taking initiative and demonstrating a commitment to team success.
Implemented security scanning tools (e.g., SAST, DAST, SCA) within CI/CD pipelines to identify and mitigate security vulnerabilities in code and dependencies.
Managed artifact repositories, including using tools like JFrog Artifactory, for storing and versioning binary artifacts produced during the build process.
Successfully integrated Static Code Analyzer into CI/CD pipelines, enhancing code quality.
Gained knowledge of public cloud platforms such as AWS, Azure, and GCP, facilitating seamless integration and deployment.
Provided remediations to developers based on the output of security scanning reports.
Ensured compliance with security and licensing policies by using tools like JFrog Xray.
Good knowledge of TCP/IP networking, SSL, Active Directory, SSO, VPNs, and DNS.
Familiar with industry security policies/standards such as OWASP Top 10.
A good understanding of cloud computing, virtual hosting, basic cloud services, and best practices for cloud-native applications is valuable.
Good with the basics of Core Java, C, and HTML.

Preferred candidate profile

B Tech Computers or any equivalent qualification
Vulnerability Management
Regulatory Compliance (PCI DSS, ISO 27001, etc.)
Network Security Testing
Vulnerability Scanners (JFrog Xray)
Penetration Testing (Burp Suite)
Static Code Analysis (Veracode)
Governance Risk and Compliance (GRC) Systems
Scripting (Python, Ruby, bash)
REST and SOAP Web Service APIs
Cybersecurity Best Practices
Communication
Documentation
DesIDEA Software
Bengaluru
5.0 - 10.0 Lacs P.A.
Hyderabad
0.6 - 0.7 Lacs P.A.
4.0 - 6.0 Lacs P.A.