Application Security Analyst

Introduction

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.

You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities

Position Location: Radford, VA

5 days onsite

The Application Security Analyst will be responsible for reviewing and identifying security risks in our software scans provided by customers. This role involves conducting security assessments, analyzing code for vulnerabilities, and collaborating with development teams to recommend effective security measures. The successful candidate will contribute to enhancing our application security practices and ensuring the protection of sensitive data. This candidate will be collaborating directly with CRM's, Customers and Customer System Integrator's to communicate open vulnerabilities and understand any false positives reported by customers.

• Proven experience in application security, including vulnerability assessments and code reviews.

• Perform regular security assessments of applications through code reviews and vulnerability assessments.

• Analyze and interpret security scan results, identifying vulnerabilities, security risks, and validating reported false positives.

• Analyze and interpret security scan results, identifying and reporting vulnerabilities for remediation.

• Collaborate with development teams to implement secure coding practices and provide guidance on addressing security findings.

• Monitor and respond to security incidents related to applications.

• Collaborate with the incident response team to investigate and mitigate security breaches.

• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices.

• Contribute to the development and improvement of application security policies and procedures.

• Ensure that applications comply with relevant security standards and regulations.

• Keep abreast of changes in security regulations and update security measures accordingly.

• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices.

• Contribute to the development and improvement of application security policies and procedures.

Required Technical and Professional Expertise

• Bachelor's degree in Computer Science, Information Security, or a related field.

• 1-3 years of experience in application security or a similar role.

• Experience with SAST (Fortify, Checkmarx, SonarQube…) and DAST (WebInspect, Burp Suite….) tools

• Proficiency in programming languages such as Java, Python, C++, C#, or others.

• Knowledge of web application security principles and common vulnerabilities.

• Familiarity with security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).

• Understanding of secure coding practices and the OWASP Top 10.

• Strong analytical and problem-solving skills.

• Effective communication and collaboration abilities.

• Strong analytical and problem-solving skills.

• This position requires the ability to obtain and maintain a Secret Security Clearance

Preferred Technical and Professional Expertise

• Relevant certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or similar.

• Knowledge of cloud security concepts (AWS, Azure, or GCP).

• Familiarity with scripting languages (Python, Ruby, etc.).

• Knowledge of container security (Docker, Kubernetes).