banner

Security Analyst - Static Application Security Testing (SAST)

PNC

Remote , Pennsylvania, 51501

Apply Now
Salary:

$150000 - $180000  Year

Job type:

Monday to Friday

Job Schedule:

Day shift

Job benefits:

Health insurance
Paid time off
Dental insurance
Vision insurance
401(k)

Description:

Job ID: R145752

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As a Security Analyst within PNC’s Technology organization, you may be based in a remote location. This is a remote position. Work may be performed from a quiet, confidential space in a home location, approved by PNC. This position may not be available in all geographic locations.

Static Application Security Testing (SAST) is the process of analyzing source code for potential security vulnerabilities.
A Security Analyst on the SAST team demonstrates general knowledge of programming languages, the OWASP Top 10, and experience finding vulnerabilities in code.

• Conducts and assists with automated security scanning and manual review of application code to identify and validate vulnerabilities.
• Retests previously discovered vulnerabilities to confirm successful remediation.
• Develops and maintains documentation such as procedures, assets, communication, etc.
• Onboard new applications onto the platform and troubleshoot issues for existing applications as they arise.
• Contribute to the enhancement of the SAST program.

Position Requirements:
- Mobile or Web development experience
- Dynamic or Static application security testing experience (1yr+)
- Knowledge of common security vulnerabilities such as the OWASP Top 10
- Ability to communicate program requirements and vulnerability information to internal customers
- Ability to review automated security findings and remove false positives through code review
- Detailed approach to tracking work and documenting artifacts for future review.

Familiarity with any of the below are a plus:
- Checkmarx, Snyk Code, SonarQube, etc
- Java
- Python
- Javascript
Job Description

Provides technical evaluation and analysis. Supports activities, process, and tools needed to improve overall security posture of the organization.
Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation. Performs investigation and data loss prevention, data manipulation, and coordination of activities. Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls.
Advises on more complex security procedures and products for clients, security administrators and network operations. Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
Conducts security assessments and other information security routines consistently. Investigates and recommends corrective actions for data security related to established guidelines.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
Competencies
Analytical Thinking – Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.
Effective Communications – Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.
Information Assurance – Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
Information Security Management – Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Information Security Technologies – Knowledge of technologies and technology-based solutions dealing with information security issues.
IT Environment – Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
IT Standards, Procedures & Policies – Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
IT Systems Management – Knowledge of and ability to utilize a variety of technical tools and techniques to guarantee service availability and ensure IT system performance.
Problem Solving – Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.
Software Security Assurance – Knowledge of and the ability to detect and prevent data security vulnerabilities of coding throughout the software development life cycle within software development organizations.
Work Experience
Roles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.
Education
Bachelors
Additional Job Description

Base Salary will commensurate with skills and experience

Skill:

Communication
Organizational

Others Requirements:

Under 1 Year
3 years

Category:

Communications

Positions:

On going position

Location:

General Location, within a limited area