Blue Rose is seeking a SailPoint Analyst to support our work with a federal client in Kingstowne and Ft. Belvoir, VA. This role is a Hybrid role requiring some onsite and some remote work. This role is open to U.S. Citizens ONLY.

　　Successful candidates must have an Active Secret Clearance.

　　In this role you will:

　　Evaluate application security in all phases of the software development life cycle

　　Work closely with team members to define application security best practices, perform software architecture and design reviews, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms

　　Support the development of security procedures and methods to ensure the safety of information systems and to protect the system from intentional (unauthorized) or accidental (inadvertent) access or destruction

　　Work with Web development, network administration, and corporate security teams, to actively identify, and analyze risks and develop plans that drive security improvements for the project/program

　　Serve as a liaison between development teams and stakeholders to understand and formulate security requirements for project/program

　　Define, maintain, and enforce application security best practices

　　Explain and demonstrate vulnerabilities to application owners, and provide recommendations for mitigation

　　Conduct and coordinate vulnerability assessments of software application under development

　　Identifies additional application security related tools, conducts tool analysis, and provided recommendations

　　Perform and conduct penetration tests and manual/automated code reviews

　　Train developers and other relevant team members on Secure Code Development as well as other security protocols as needed

　　REQUIREMENTS:

　　Candidates must have:

　　5 years of experience as an Application Security Developer, Application Security Analyst, or equivalent

　　3 years experience with SailPoint

　　Security + Certification

　　Other Job Specific Skills

　　Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate

　　In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies

　　Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP

　　Knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors

　　Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.

　　Knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols

　　Experience with static code analysis tools including HP Fortify

　　Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools

　　Experience working with GIT source code management

　　Must have solid working experience and knowledge of Unix/Linux operating system

　　Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB is preferred

　　Understanding of Agile/Scrum methodologies is preferred

　　Experience with Axiomatics is a plus

　　Education:

　　Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.

　　Salary: $82,000 – $102,000, Depending on Experience

　　Powered by JazzHR