Software Security Analyst
As a Software Security Analyst, you will apply expertise in the areas of secure application design, development and testing, and vulnerability management and remediation to the business domains of a wide variety of application development teams. Working with a centralized team of subject matter experts in various quality focused software engineering disciplines, you'll be responsible for guiding application teams through the transformation and maturation of a secure software development lifecycle. In this role, you will help steer the continuous improvement of how we develop secure, performant, scalable, and highly functional software at CSC.
Some of the things you will be doing:
- Providing guidance to application development teams on security testing practices and projects
- Reviewing and validating security testing results with application teams and Information Security (InfoSec)
- Responsible for centralized Vulnerability Management practice across all development teams feeding both a business-wide view of security risk, and a focused tactical view on security defects
- Risk Analysis and Threat Modelling on application security vulnerabilities
- Development, socialization, and maintenance of security dashboards for business and development stakeholders
- Automate workflows to perform security testing and results management
- Participate and guide secure solution designs with architecture and application development teams
- Assist in investigations and remediation or mitigating solutions
- Participate and guide secure development training initiatives
- Bachelor's degree in Computer Science / Engineering / Information Systems or related discipline or equivalent job experience
- 1-2 years of experience with programming languages including one or more of the following: Java, .NET, NodeJS, Python, Ruby, BASH/shell scripting
- Experience coding to RESTful and SOAP API's
1-2 years of experience with operating systems including Linux and Windows, ideally dev ops related. Experience with Jenkins, Puppet, Chef, etc.
- Experience with web proxies, intrusion detection/prevention systems, firewalls, antivirus systems, data leakage prevention and malware controls
- Experience with systems and network infrastructure, specifically reading and interpreting communication logs generated from network communication and related alerts
- General experience in or relating to information security within an enterprise organization
- Strong analytical skills and ability to articulate complex ideas clearly and effectively
- Familiar with risk analysis methodologies
- Good understanding of security products and a desire to develop scalable solutions for security monitoring
- Exceptional customer service, written and verbal communication skills, with the ability to communicate effectively with technical and non-technical senior management and line staff are a requirement
- Familiarity with Agile development practices a plus
- HP Fortify experience a plus
At CSC®, we're always looking ahead, finding ways to improve and anticipate the future needs of our customers. Curiosity fuels our innovation and productivity drives our results. This proactive mindset has helped us adapt and create solutions that have enabled businesses to run smoother and smarter for more than 115 years.
CSC is committed to attracting, developing, and retaining talented people whose personal values align with ours. We empower our employees to bring the right solutions to market to meet customer demand. That is why we are the premier provider of global solutions for more than 180,000 businesses.
- CSC is a great place to work with smart and dedicated people. We have been voted a Top Workplace for 10 consecutive years.
- We offer challenging work and career opportunities. Most positions are filled with internal moves and employee referrals.
- Employees are eligible for an annual success sharing bonus recognizing individual performance and a profit sharing bonus based on company performance.
- CSC offers excellent benefits for you and your family, including 401(k) with employer match, medical/dental/life insurance, spouse and dependent life insurance, paid time off, tuition reimbursement, and more.
- We recently completed building a new headquarters that supports current and future technology initiatives through open design, sit/stand workstations, digital interface points that enhance teamwork and collaboration, and alternative work environments with wireless access throughout the campus, including at our outside work areas. It's an exciting time for us in terms of growth and expansion.
CSC is the world's leading provider of business, legal, financial, and digital brand services to companies around the globe. From keeping your business in compliance and streamlining operations, to protecting and promoting your brand online, we use our expertise and personal approach to help your business run smoother. We are the business behind business. We are the unwavering partner for 90% of the Fortune 500®, more than half of the Best Global Brands (Interbrand®), nearly 10,000 law firms, and more than 3,000 financial organizations. Headquartered in Wilmington, Delaware, USA since 1899, we have offices throughout the United States, Canada, Europe, and the Asia-Pacific region. We are a global company capable of doing business wherever our clients are-and we accomplish that by employing experts in every business we serve. CSC is an equal opportunity employer.
Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to be a description of all duties, responsibilities, and qualifications.
Meet Some of CSC's Employees
Chrissy fosters three development teams, facilitating new product development systems for CSC’s clients, assisting her teammates to reach solid decisions, and protecting her developers from outside negative interferences.
Back to top