Application Security Analyst II ( R-00073804-OTHLOC-PL-2D0275 )
Next stop – Leidos. Leidos is working with our NOAA customer to transform their Security Operations Center into an industry leading organization. As a part of a multi-year initiative, we are modernizing our IT infrastructure, implementing industry-leading cyber technologies, and transforming how analysts think and handle threats. Here, you will put your cyber security prowess in action and provide senior-level subject matter expertise as an Application Security Analyst. This person will work across teams and departments to identify security vulnerabilities, analyze/verify those vulnerabilities, and work with the appropriate software engineering team to remediate the vulnerability. Your experience, knowledge, and understanding of standards and tools like: OWASP, Threat Modeling, GitHub repo scanning, and many more will build the foundation for a safe and secure software practice. You will provide direction and management of cyber initiatives. Join our team in Fairmont, WV or Boulder CO and watch your career grow with Leidos.
- Provide technical direction and mentor junior and mid-level employees
- Act as the go-to person for technical recommendation
- Set and enforce the standard for effective cyber operations
- Respond to cyber incidents through detection, investigation, analysis, remediation, and reporting of cybersecurity incidents
- Perform code reviews using Static and dynamic code scanning tool sets across a variety of programming languages and business units.
- Establish secure coding standards and help business units adhere to them.
- Support core hours but also 24x7 shifts when coverage is needed in rare situations.
- Developing test scripts and procedures to support the program’s tactical and strategic initiatives.
- Assist and ensure secure coding best practices are being applied and enforced.
- 3-5 years of programming or application security experience.
- Proficiency in 3 or more programming languages.
- Familiarity in analyzing network packets, SIEM alerts, and server and application logs to investigate incidents for anomalous/malicious activities.
- Proficient in OWASP vulnerabilities and remediations.
- Have one of the following certifications: GWEB, GWAPT, Additional certifications at or above the level of this listing may also be accepted.
- Experience performing code reviews.
- Experience in or strong understanding of software development / writing coding.
- Experience with web application vulnerability scanning tools.
- Experience working with malware and applying reverse engineering techniques.
- B.S. degree in Computer Science with 2 - 4 years of prior relevant experience, or related work experience.
- Experience tracking incidents against a framework such as MITRE ATT&CK or Cyber Kill Chain methodology.
- Inquisitive, problem-solving oriented.
- Can-do attitude with a strong sense of ownership.
- Must be a US Citizen.
- Minimum fully adjudicated Secret and Interim Top Secret clearance.
- Fairmont, WV
- Boulder, CO