Coalfire Federal

Web Application Security Analyst

Job Locations US-Remote
ID
2022-3649
Type
Regular Full-Time

About Coalfire

Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google, Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.

 

We’re growing rapidly and are currently seeking a Web Application Security Analyst to support our Coalfire Federal team. 

What you'll do

  • Integrating Software into the Agency’s Code Scanning Tool. Support will include integrating CheckMarx, Fortify, Black Duck, Sonatype Nexus IQ Lifecycle, and Jira into the Agency’s code scanning tool.
  • Providing Correction Action Recommendations. This includes detailing specifics of the findings and the potential danger of a particular vulnerability as well as informative mitigation strategies including source code examples.
  • Implementing Open-Source Code Capabilities into the Agency’s Existing Secure Code Scanning Program
  • Providing Support to the Web Application Security Team and developers
  • The contractor shall perform code scans using the Agency’s code scanning tool and provide expert insight on triage and remediation of issues.
  • Create custom scan rules in the Agency’s code scanning tool that comply with FISMA, NIST, and SSA standards.

What you'll bring

  • Bachelor's degree (four-year college or university) in Computer Networks, Cybersecurity, Computer Science, or Information Systems / Technology.
  • Public Trust or Suitability for clearance
  • In depth experience and knowledge of common website vulnerabilities including, but not limited to, SQL Injection, Cross-site scripting (XSS) and Session Management
  • Experience or knowledge of Jenkins, Cloud, and Maven
  • Experience with writing build scripts using tools such as Ant, Maven, BuildForge, MSBuild and others
  • Experience with collaboration tools such as SharePoint
  • Experience with integrating SCA code scanning into the build process
  • Code scanning experience - Manual/Automated/Static/Dynamic
  • Experience/exposure in major programming languages such as JAVA EE, .NET, COBOL, ColdFusion, etc.
  • Experience with application security source code scan tailoring, defect analysis and false positive/negative identification
  • Experience with implementing security control gates in an enterprise software development lifecycle
  • Ability to collaborate with business stakeholders
  • Ability to train/educate users individually or in a group setting
  • Experience with creating, presenting, and communicating application security concepts and business value to varying levels of technical audiences
  • Develop or provide enhancements to existing security tracking business processes and application
  • Open-source code experience
  • Knowledge with current web application security threats as identified in: Open Web Application Security Project (OWASP) Top 10, SysAdmin, Audit, Network, Security (SANS), Common Weakness Enumeration (CWE)
  • CheckMarx and Black Duck experience

Bonus Points

  • Military experience
  • CISSP, CISM, CISA, Security+ or other relevant certification

Why you'll want to join us

Passionate problem-solvers who are hungry to learn, grow, and contribute. That’s what it takes to be a part of the Coalfire team. We work together to tackle the toughest cybersecurity challenges and help our clients become more secure and successful. We are trusted advisors who are committed to shaping our industry. At Coalfire, our people have the opportunity to expand their minds and skills, build meaningful relationships with the industry’s smartest minds, and have a direct impact on our company’s success. 

 

Along with energetic culture and supportive environment, you’ll have the flexibility to balance your personal and work life and grow personally and professionally. We work hard, and we play hard – and the two often overlap, and we’re active in our communities. Plus, we offer great benefits, including:

  • Health, dental, and vision insurance with an employer contribution
  • Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
  • A generous 401(k) plan
  • A corporate wellness program
  • Stock Appreciation Rights (SARs)
  • Tuition reimbursement
  • Certification reimbursement

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed