Garshan Associates

Compensation

Full Description

Development Security Operations Analyst Remote Office (strong potential for extension and/or conversion to FT) $65-85/hour We have been trusted for more than two decades to protect and govern sensitive information in the cloud. Selected to the IDC Top 100 FinTech rankings, we provide purpose-built cloud services to large, regulated organizations. Founded by the financial industry to answer complex, information-centric challenges, we have developed a unique business model that has led to our well-known and unmatched pedigree in the industry. Our unique business model combines hardware, software, and unmatched expertise to provide needed guidance on best practices and strategy as well as technology solutions. Our team embraces a core set of values that drive our business: integrity, customer focus, value creation, respect, innovation, and teamwork. Our people are passionate about their work and our values, resulting in an exciting environment where personal achievement is rewarded, teamwork is encouraged, and customer service is our top priority. Essential Duties and Responsibilities: • Provide DevSecOps security analyst support to application development teams in a highly regulated industry and environment as they prepare to migrate several applications to the cloud. Daily duties will include security vulnerability analysis and reporting, reviewing Veracode source code scan reports, researching and validating findings, and, with the development team, suggesting corrections, remediations, and mitigations. • In addition to assisting with source code security, you ll also be required to manage security around third-party libraries and artifacts, managing any vulnerabilities across the lifecycle from validating findings, reporting, and through to remediation. • To manage your work, you ll be working with our scrum master in Azure Boards to plan work, write features, stories, and tasks, so experience with Agile is needed. • Validate that build versions are compliant with vulnerability management policies. • Coordinate and manage both internal and external vendor penetration testing. • Manage and utilize various security development tools. • Attend daily standups and weekly program management calls. • And finally, provide security support to dev and test environments as needed. The ability to logically identify problems and causes, and to act as a liaison between developers and other teams to ensure security efforts are progressing, is paramount to success in this role. Work Experience Requirements: • 3 - 5 years of security experience in DevSecOps as a security analyst. • Must have experience with the following toolsets and skills: • Vulnerability and risk management policies and standards • Build and deployment CI/CD pipelines such as GitHub Actions or Azure DevOps • SAST scanning tools such as Veracode or SonarQube • Source code repositories such as Github or GitLab • Artifact repositories and associated tools such as JFrog or Azure Artifacts • Work effort tracking tools such as Azure Boards or Jira • Familiarity with the following tools is a plus: CodeQL, shellcheck, Perl Critic, SQLFluff, JEB CE, Ghidra, dotPeek, • Must have familiarity with object-oriented programming languages such as C++, C#, Java, and JavaScript • Familiarity with the following Scripting Languages: KSH, Bash, Perl, PowerShell • Other Software: MS Office and O365. • Must have development experience or experience working closely with application development teams, preferably in a DevSecOps role. • Experience with networking and firewall technologies. • Familiarity with web-based multi-tiered application architecture. • Experience working and developing in Azure. • Experience developing security processes and managing risk • Problem-solving and debugging skills. • Cisco, Microsoft, or UNIX certifications, esp. related to security, preferred.