FossID

Application Security Analyst

Bucharest, Bucharest, RO

21 days ago

Summary

Join FossID's Innovative Team as an Application Security Analyst!

 

🌟 About FossID 

 

FossID is a forward-thinking leader in software intelligence, specialising in open-source software compliance and cybersecurity. Our mission is to empower organisations with cutting-edge tools and insights to navigate complex compliance and security challenges in the digital era. 

 

🌐 Job Summary 

 

We are seeking an inquisitive and meticulous Application Security Analyst to join our FossID team. The ideal candidate will have experience and knowledge in Static Application Security Testing (SAST), manual code review, and code quality audits.  

 

You will work on all of the following and build expertise in specific areas as your skills develop:

  • Open-Source Audit 
  • SAST Code Review 
  • App Penetration Testing & Code-Assisted Application Penetration Testing 
  • Code Quality Audit 
  • Observability & Monitoring Assessment 
  • Code Governance & Maintainability Assessment 
  • Secure Design Assessment 
  • Third-Party API Risk Audit 

 

We conduct software training sessions for the entire team most weeks, enabling you to continuously grow your skills and knowledge.

 

⚙️ Role & Responsibilities 

 

Security Testing & Analysis 

  • Execute Static Application Security Testing (SAST) to identify potential vulnerabilities in source code. 
  • Perform manual code reviews to assess and enhance code security and maintainability. 
  • Deliver comprehensive code quality audits to ensure adherence to coding standards and best practices. 

Technical Scripting & Automation 

  • Assist in the development of Python scripts to automate security testing processes and reporting. 
  • Contribute to building tools and scripts that integrate with existing team development projects to improve the efficiency of security assessments. 

Documentation & Reporting 

  • Prepare detailed, clear, and actionable reports (Microsoft Word, Excel) summarizing findings, risk assessments, and recommended remediation steps. 
  • Maintain comprehensive documentation of security testing procedures, audit findings, and code review results for future reference and compliance purposes. 

Open-Source Audits

  • Perform comprehensive open-source audits to identify third-party components, assess licensing obligations, and detect potential compliance risks.  

 

🔍 Skills and Qualifications 

 

Technical Expertise 

  • Proficiency in SAST and (optionally) DAST methodologies. 
  • Strong experience in manual code reviews and conducting code quality audits. 
  • Solid Python scripting skills to develop and automate security testing tools and processes. 
  • Demonstrated ability to read, write, and analyze software code across multiple programming languages. 
  • Familiarity with software development processes, including Agile and DevOps practices. 
  • In-depth understanding of common security vulnerabilities, threat modeling, and secure coding practices. 

Analytical and Problem-Solving Skills 

  • Exceptional analytical capabilities with a keen eye for detail and the ability to identify and troubleshoot complex issues. 
  • A curious mindset and a relentless drive to uncover the root cause of issues, ensuring long-term solutions rather than short-term fixes. 

Communication & Documentation 

  • Excellent written and verbal communication skills for both technical and non-technical audiences. 
  • Ability to prepare clear, comprehensive documentation and reports for various stakeholders. 

 

Optional Skills 

  • Dynamic Application Security Testing (DAST) 
  • Open-Source Audits 
  • Software Design Audits 
  • Application Development 
  • Familiarity with compliance frameworks and standards 

 

Preferred Qualifications 

  • Experience with software security and audit management tools, as well as remediation strategies. 
  • Familiarity with key industry resources: OWASP, CVE, CWE, CVSS, NVD, EPSS, KEV Catalog, CWSS. 
  • Background in software development or quality assurance, with hands-on experience in secure SDLC practices. 
  • Knowledge of modern software architectures (e.g., microservices, cloud-native applications) and their associated security challenges. 
  • Experience using additional scripting languages and automation tools to enhance testing and quality assurance processes. 

 

💡 Attributes & Personal Characteristics 

 

  • Proactive & Detail-Oriented: Self-driven, proactive in identifying issues before they escalate, and committed to ensuring the highest quality in every aspect of software delivery. 
  • Team Player: Able to collaborate effectively with multidisciplinary teams, share knowledge, and mentor peers. 
  • Adaptable & Eager to Learn: Open to new challenges and continuously updating your skills and methodologies in the evolving landscape of software security and quality. 

 

🔗 Apply Now 

 

Embark on a journey with FossID, where your skills will shape the future of software compliance and security. We can't wait to see the unique impact you will make! 🌟  
