Responsibilities
- Perform application security analysis using both automated and manual techniques, including:
  - Static code analysis (SAST)
  - Software composition analysis (SCA)
  - Fuzzing
  - Manual code and design reviews
- Identify, analyze, and help remediate application vulnerabilities
- Support software engineers in integrating security considerations into system and application designs
- Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
- Design, implement, and improve continuous integration security analysis tooling
- Tune and maintain security tools to reduce false positives and improve signal quality
- Assist development teams in understanding findings and implementing effective fixes
- Support threat modeling and secure design reviews
- Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
- Document findings, recommendations, and best practices
- Perform other duties as assigned
Additional Information
- Applicants must be U.S. citizens due to U.S. government contract requirements.