Junior Application security analyst

  • Job
    Full-time
    Junior Level
  • Data
    IT & Cybersecurity
  • Fargo
    Remote

AI-generated summary

  • You need experience with DAST tools, penetration testing, Java, Kubernetes, Docker, traffic analysis, and automated security processes. Strong communication skills are essential.
  • You will analyze security tool results, review Java code for vulnerabilities, conduct penetration tests, understand container security, and develop remediation plans for identified risks.

Requirements

To be successful, you'll need:

  • Solid experience with DAST (Dynamic Application Security Testing) tools like AFL, Fuzzing, and Burp Suite, including building custom test configurations.
  • Proven experience in conducting penetration testing for virtualized infrastructure environments.
  • A background in mobile application security is a plus.
  • Strong programming skills in Java.
  • Experience working with container orchestration platforms like Kubernetes (k8s) and Docker.
  • Familiarity with traffic analysis tools like Wireshark.
  • A passion for automating routine security processes to improve efficiency.
  • A strong understanding of modern software development methodologies (Agile, SDLC, DevOps, CI/CD).
  • Excellent written and verbal communication skills (English B1, Russian B2+).

Bonus points if you have:

  • Experience participating in Bug Bounty programs and contributing to the security community.
  • A proven track record in Capture the Flag (CTF) competitions.
  • Familiarity with the OWASP Testing Guide, OWASP Code Review Guide, and OWASP Secure Coding Practices.
  • Experience working with HashiCorp Vault for secure secrets management.
  • Experience with network vulnerability scanners (Nessus, XSpider, MaxPatrol).

Responsibilities

  • SDLC Security Champion: Analyze security tool results, refine rules, and evaluate their effectiveness to continuously improve our application security posture.
  • Code Detective: Review and analyze Java source code to identify potential vulnerabilities and security weaknesses.
  • Penetration Testing Pro: Conduct internal penetration tests to proactively identify and mitigate security risks before they can be exploited by attackers.
  • Containerization Guru: Gain a deep understanding of containerized applications and their security implications.
  • Vulnerability Remediation Expert: Develop actionable recommendations for identified vulnerabilities, considering the specific technologies and implementations involved.

FAQs

Is this position remote?

Yes, this is a fully remote position.

What is the salary range for the Junior Application Security Analyst position?

The annual income for this role is between $64K and $75K.

Is a valid work permit necessary to apply for this position?

Yes, a valid work permit is necessary to work in the US.

What qualifications are needed for this role?

Candidates should have 1+ years of experience in application security, solid experience with DAST tools, strong programming skills in Java, and familiarity with container orchestration platforms.

Are there opportunities for career growth in this position?

Yes, we offer a collaborative and dynamic work environment where you can learn and grow your skills, providing opportunities for career advancement.

Is experience with mobile application security required?

No, while a background in mobile application security is a plus, it is not a strict requirement for this position.

What tools and technologies will I work with in this role?

You will work with various security tools including DAST tools, penetration testing tools, traffic analysis tools like Wireshark, and you will gain experience with containerization platforms such as Kubernetes and Docker.

Do I need to have experience with Bug Bounty programs?

While experience participating in Bug Bounty programs is a bonus, it is not a requirement for this position.

What are the language requirements for this role?

Excellent written and verbal communication skills in English (B1 level) and Russian (B2+ level) are required.

What kind of projects will I be involved in?

You will be involved in protecting our applications throughout the development lifecycle by analyzing security tool results, conducting penetration tests, and remediating vulnerabilities.

Does the company support automation in security processes?

Yes, we encourage automation of routine security processes to improve efficiency within our security teams.

Is there a focus on team collaboration in this role?

Yes, you will work in a supportive team environment where collaboration and knowledge sharing are highly valued.

Learn Coding & Build software collaboratively with the power of AI, on any device, without spending a second on setup!

Industry: Technology
Employees: 11-50

Mission & Purpose

Skip setup, soar through code! Learn & build together, on-demand, with AI your co-pilot. Any device, endless possibilities. Careers taking flight? Visit our page! But wait, there's more! You're not alone on this coding quest. Our trusty AI companion will guide you, suggest code snippets like secret spells, and catch errors before they turn into dark side bugs. Collaborate with fellow code warriors in real-time, sharing wisdom and building epic software empires together. From simple droids to full-blown Death Stars, the possibilities are endless. Web apps, mobile games, anything your code-fueled imagination can conjure. And when your masterpiece is ready, deploy it with a single click, sharing your creation with the galaxy. Level up your skills, join a thriving community of code knights, and land your dream tech job. Our career page is like a lightsaber to your resume, cutting through obstacles and illuminating your path to coding glory. So grab your device, choose your coding destiny, and join the revolution