On-site, Fort Mill, SC
Contract to hire
Summary
We are seeking an Application Security Analyst to join our client's security team with a focus on application security and vulnerability management. The ideal candidate will have knowledge of standards and practices for securing applications and APIs. This role will participate in efforts to identify, verify, report, and track vulnerabilities within Sunbelt Rentals systems and applications, spanning multiple domains including desktop, mobile, web applications, and API infrastructure.
Responsibilities
- Schedule and perform regular application security tests.
- Conduct penetration tests on critical software and systems.
- Test changes prior to go-live deployments.
- Analyze and validate identified vulnerabilities.
- Track and report on all testing activities.
- Present findings to stakeholders.
- Maintain dashboards for vulnerability tracking and management.
- Improve asset management processes.
- Enhance threat modeling practices.
- Review source code and identify duplicates.
- Utilize security testing tools such as Veracode and Burp Suite.
- Automate security scans and integrate with CI/CD pipelines.
- Collaborate with developers to improve security practices.
- Support incident response and security investigations.
- Perform various security tests including penetration, purple team, and red team exercises.
Requirements
Education & Experience
- Degree in Computer Science or a related field.
- Minimum 2-5 years of IT experience.
- Self-starter with the ability to work independently and collaboratively in team environments.
Technical Skills
- Strong understanding of internet architecture.
- Skilled in security testing methodologies including SAST, DAST, SCA, and OWASP Top 10.
- Ability to verify vulnerabilities and perform manual testing.
- Familiarity with security platforms such as Checkmarx, AppScan, Fortify, and Veracode.
- Experience with web services, JSON, and API testing.
- Proficiency in conducting vulnerability assessments and communicating security issues to stakeholders.
- Proficient in programming languages including .NET, C, C#, Java, and Python.
- Knowledge of OOP concepts and JavaScript frameworks including Node.js and React.
- 1-3 years of web development experience with HTML, ASP, ColdFusion, JSP, Node.js, or React.
- Knowledge of pipeline integration and source code management tools such as Jenkins and GitHub.
- Knowledge of relational databases including SQL Server and MySQL; ability to write and understand SQL.
- Basic knowledge of Microsoft Azure.
Additional Skills
- Experience with Databricks.
- Threat modeling within the SDLC.
- Knowledge of cloud computing and DevOps tools including Azure DevOps, Kubernetes, Docker, and Chef.
- Experience with cloud platforms (AWS, Google Cloud, Azure) and cloud security tools such as Wiz and Prisma Cloud.
- Machine learning experience.
- Experience with RPGLE and RPG-FREE application development.
Physical Demands
Must be able to bend, squat, crouch, and/or reach and lift up to 25 pounds or more as required by the job. Some positions may require driving for long periods of time, loading and unloading heavy equipment, performing work in extreme weather conditions including rain, wind, or excessive temperatures, and/or night and weekend work. All duties must be performed in accordance with Sunbelt's safety policies and guidelines. Reasonable accommodations may be made to comply with ADA/ADAAA.