Position: SAST Analyst
Location: Pittsburgh, PA or New York City, NY (Hybrid)
Duration: 12+ months
We are seeking a SAST (Static Application Security Testing) Analyst to join our cybersecurity team. This role involves analyzing source code, identifying security vulnerabilities, and ensuring applications meet security compliance standards. The ideal candidate will have expertise in application security and secure coding practices, and experience with SAST tools such as Fortify, Checkmarx, Veracode, or SonarQube.
Key Responsibilities:
- Perform static application security testing (SAST) on applications to identify vulnerabilities in source code.
- Analyze and interpret SAST scan results, prioritize findings, and provide remediation guidance to development teams.
- Work closely with developers, security engineers, and DevSecOps teams to integrate security into the software development lifecycle (SDLC).
- Tune and customize SAST tools to improve accuracy and reduce false positives.
- Provide detailed reports on security risks, trends, and remediation recommendations.
- Ensure applications comply with security best practices, industry regulations, and frameworks (e.g., OWASP, NIST, ISO 27001).
- Assist in training developers on secure coding practices and secure software development lifecycle (SSDLC).
- Stay updated on the latest security vulnerabilities, exploits, and emerging threats.
Required Qualifications:
- 3-5+ years of experience in application security, SAST analysis, or secure code review.
- Hands-on experience with SAST tools such as Fortify, Checkmarx, Veracode, SonarQube, or similar.
- Strong understanding of secure coding practices and common security vulnerabilities (OWASP Top 10, SANS Top 25).
- Experience with programming languages like Java, .NET, Python, JavaScript, C++, or similar.
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Knowledge of cloud security (AWS, Azure, or GCP) and application security frameworks.
- Strong analytical and communication skills, with the ability to convey security risks and solutions clearly to both technical and non-technical audiences.
Preferred Qualifications:
- Relevant security certifications (e.g., CISSP, CEH, OSCP, CSSLP, GWEB).
- Experience in penetration testing or dynamic application security testing (DAST).
- Exposure to regulatory compliance frameworks (e.g., PCI-DSS, GDPR, HIPAA).
From:
Abhishek Tiwari,
Upward Talent LLC
atiwari@thestaffed.com
Reply to: atiwari@thestaffed.com