Senior Vulnerability Code Analyst

  • Educology Solutions
  • Washington, DC
  • Posted 28 days ago | Updated 9 hours ago

Overview

On Site
Full Time

Skills

ESI
Ruby on Rails
Ruby
Programming languages
Computer science
PHP
Bash
Windows PowerShell
Python
Fortify
Burp Suite
Cyber security
OWASP
SANS
Software development
Vulnerability management
Threat modeling
Risk assessment
Management
OSCP
Web applications
Software development methodology

Job Details

Job Description


ESI is seeking a Senior Vulnerability Code Analyst to support work for one of our customers.


Duties & Responsibilities

  • Extensive knowledge of and hands-on experience in Ruby on Rails.
  • Perform vulnerability code analysis on the code running HBX's platforms.
  • Vulnerability code analysis is expected to be performed prior to deployment of every change. This role requires deep technical expertise in both Ruby on Rails and security practices, including experience in code analysis and secure coding principles.

Qualifications

  • Bachelor's Degree in Computer Science.
  • Coding Languages: Demonstrated proficiency in the Ruby programming language. Demonstrated familiarity with languages such as PHP, Bash, PowerShell, or Python.
  • Code Analysis Tools: Demonstrated expertise with static and dynamic code analysis tools such as Fortify, Checkmarx, Veracode, SonarQube, and Burp Suite. Demonstrated familiarity with fuzzing tools and techniques.
  • Security Technologies and Concepts: Demonstrated expert knowledge and understanding of common cyber security vulnerabilities and attack vectors (e.g., OWASP Top Ten, CWE/SANS Top 25). Knowledge of secure coding practices and software development life cycle (SDLC) security.
  • Vulnerability Management: Experience with threat modeling and risk assessment methodologies. Experience in managing vulnerability remediation processes and working with development teams to fix issues.
  • Certifications: The following certifications are preferred: Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), Certified Secure Software Lifecycle Professional (CSSLP).