Title: Cybersecurity Analyst
Location: Milpitas, CA (Onsite)
Duration: Long Term
Job Description
The Cybersecurity Analyst will be responsible for analyzing and improving the security posture of our systems and software architecture. This role requires a proactive approach to identifying and mitigating potential security threats. The ideal candidate will have a strong background in threat modeling and secure code analysis, along with hands-on experience with various security tools and technologies.
Responsibilities
- Review and analyze existing System and Software architecture documents.
- Collaborate with Subject Matter Experts (SMEs) in Milpitas to clarify questions and understanding.
- Prepare and update Data Flow Diagrams (DFD) as inputs to threat modeling.
- Conduct threat modeling and collaborate with the Security organization to develop comprehensive threat models.
- Validate functionality by checking code implementation (experience with C/C++ is advantageous, though coding is not required).
- Utilize industry-standard threat modeling tools and tools for Data Flow Diagrams (e.g., Smart Draw).
Top Skills Required
- VAPT Testing for web and mobile applications.
- Threat Modeling from the architecture.
- Secure code analysis using tools.
- Vulnerability Assessment and Penetration Testing: Experience with web applications, thick client applications, and mobile applications.
- Threat Modeling: Proficiency with Microsoft Threat Modeling Tool.
- Source Code Analysis: Expertise with tools like HP Fortify and Coverity.
- Binary Code Analysis: Proficiency with tools like Blackduck and Dependency Checker.
- Security Tools: Burp Suite, Postman, Nmap, Ready API, HP Fortify, Coverity, Check Marx, Vara code, Git secret, Black duck, Filecleater Pro, etc.
- Technologies: Familiarity with OWASP Top 10, NIST, and Azure security standards by Microsoft and AWS.
Additional Skills
- API Security Testing.
- AWS solution security testing.
- Azure DevSecOps security.
- API Security Testing.
- Experience in IoT Security Testing.
- Good understanding of SDLC.
- Knowledge of DevSecOps practices.
- Experience with manual SBOM creation using Visual Studio.
Education Qualifications & Experience
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is a plus.
- 3-5 years of experience in cybersecurity with a focus on threat modeling and secure code analysis.
- Hands-on experience with the tools and technologies mentioned above.
- Proven track record of working collaboratively with cross-functional teams to enhance security measures.
CERTIFICATIONS: Certified Ethical Hacker (CEH) or equivalent certification.