Washington, D.C.

Application Security Code Vulnerability Analysts

Job Specs

Cyber Defense

Job Description:

The Company:

At XOR Security, we build solutions that keep our citizens safe, our government’s information secure and our intelligence professionals one step ahead of the adversary. From defensive and offensive cyber operations to data analytics and strategic consulting, the XOR team provides the insight, expertise and dedication to ensure mission success. Our solutions deliver certainty – the certainty clients need to make critical decisions and lead with confidence.

XOR Security is currently seeking a talented Application Security Code Vulnerability Analyst to support one of our premier federal clients. The engineer will review source code using automated code analysis tools to understand which portions of code require manual review. Other responsibilities include performing manual code review, reporting relevant findings, and recommending applicable alternatives to make the application secure.

Preferred Skills:

Required Qualifications:

  • 4+ years of experience in Software Development
  • In-depth experience testing software for Open Web Application Security Project (OWASP) Top 10 vulnerabilities
  • Experience with one or more static code analysis automation tools such as Fortify Static Code Analysis (SCA), Checkmarx, Coverity, or other automated secure code analysis software
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience

Desired Qualifications:

  • One of the following certifications is a plus: CASE, CSSLP, a GIAC GSSP certification, or other secure code analysis certification.
  • Experience programming with a language such as JavaScript, C, C#, C++, ASP.NET, or Python.

Job Duties:

  • Leverage the Threat Assessment, Vulnerability Assessment, or Automated Code Analysis to understand which portions of the code should be manually reviewed
  • Perform source code analysis leveraging a Static Application Security Testing (SAST) tool to analyze source code and/or compiled versions of code to rapidly identify potential security flaws in the application
  • Identify OWASP Top 10 vulnerabilities and clearly communicate risks and remediations for findings to the client.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.