Security Consultant, Bellevue, WA (Day 1 Onsite) at Bellevue, Washington, USA
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=2281471&uid=

Classification: Public

Hi Team,

Please share quality resume on below skills. Make sure to have right candidate as per JD.

Map to the # 1536061BR
Title: Security Consultant
Location: Bellevue, WA (Day 1 Onsite)
Sell Rate: $60-$62/hr. C2C

JD:

Responsibilities:

Static Code Analysis (SCA):
- Perform static code analysis on applications to identify vulnerabilities early in the software development lifecycle.
- Configure and maintain static code scanning tools to detect issues like SQL injection, buffer overflows, cross-site scripting (XSS), and other code vulnerabilities.
- Work closely with developers to remediate identified security issues and improve the overall security posture of applications.

Dynamic Application Security Testing (DAST):
- Conduct dynamic code analysis on running applications to identify runtime vulnerabilities and security flaws.
- Perform manual penetration testing when necessary and assist in automating dynamic testing within CI/CD pipelines.
- Collaborate with development teams to resolve findings and ensure minimal security risks before production deployment.

Open-Source Software (OSS) Management:
- Manage and track OSS dependencies used in applications, ensuring compliance with licensing and security best practices.
- Identify vulnerabilities in OSS libraries and recommend appropriate remediation measures or replacements.
- Continuously monitor OSS repositories for newly discovered vulnerabilities and communicate risk levels to relevant stakeholders.
- Maintain up-to-date records of OSS usage and vulnerabilities, ensuring compliance with organizational policies.

Vulnerability Remediation & Reporting:
- Prioritize vulnerabilities based on risk assessment, exploitability, and business impact.
- Provide detailed analysis and remediation recommendations for identified security issues.
- Develop and maintain vulnerability management reports and dashboards to provide visibility to senior leadership on the status of security issues across applications.

Collaboration & Knowledge Sharing:
- Collaborate with cross-functional teams, including development, DevOps, and product teams, to integrate security into the software development lifecycle (SDLC).
- Mentor and provide guidance to junior team members on secure coding practices, vulnerability remediation, and best practices.
- Stay updated with the latest trends in vulnerability management, application security, and open-source security.
- Continuously review security and privacy practices
- Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused into all Truveta services
- Assist in defining, driving, and delivering key elements of Truveta's vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company
- Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services

Qualifications:
- Hands-on experience with static code analysis tools (e.g., SonarQube, Checkmarx, Fortify) and dynamic application security testing tools (e.g., OWASP ZAP, Burp Suite).
- Strong understanding of open-source software, package managers (e.g., npm, Maven, pip), and vulnerability management platforms (e.g., Snyk, WhiteSource, Black Duck).
- Proficiency in at least one programming language (e.g., Java, Python, C/C++, JavaScript, etc.) for understanding code and conducting security analysis.
- Knowledge of security testing methodologies and frameworks, including OWASP Top 10, Secure Development Lifecycle (SDLC), and CIS Controls.
- Experience working with vulnerability management platforms (e.g., Qualys, Tenable, Rapid7) and integrating with CI/CD pipelines.
- Familiarity with risk assessment, threat modeling, and security best practices.
- Strong communication skills, with the ability to explain technical security issues to both technical and non-technical stakeholders.

About Cygnus Professionals, Inc.
Cygnus is a Princeton, NJ-headquartered global Business IT consulting and software Services firm with offices in the USA and Asia. Cygnus offers and enables innovation and helps our clients accelerate time to market & grow their business. Over 15 years, we have taken great pride in continuing our deep relationships with our clients. For further information about CYGNUS, please visit our website www.cygnuspro.com

Cygnus Belief
We believe in our commitment to diversity & inclusion.

Equal Employment Opportunity Statement
Cygnus is an Equal Opportunity Employer. We ensure that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion, or sexual orientation. All our employment decisions are taken without looking into age, race, creed, color, religion, sex, nationality, disability status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other aspects of employment protected by federal, state, or local law. Applicants for employment in the US must have work authorization & Cygnus does not offer any sponsorship of a visa for employment authorization in the United States.

Thanks and Regards,
Ankush Verma | Lead Recruiter
Office: 732 485 0000 - 9086
Direct: 209-260-5752
Email: ankush@cygnuspro.com
Cygnus Professional Inc.
https://www.linkedin.com/in/ankush-verma-7a1818b2/

Keywords: cprogramm cplusplus continuous integration continuous deployment information technology New Jersey Washington
10:45 PM 24-Mar-25