SAST Analyst
Location: Pittsburgh, PA / NY / NJ (Hybrid – 3 days onsite in Pittsburgh or NY/NJ)
Job Description:
The ideal candidate will have expertise in Static Application Security Testing (SAST) tools and methodologies for assessing application security vulnerabilities. This role requires working onsite three days per week in either Pittsburgh or NY/NJ.
Responsibilities:
Perform Static Application Security Testing (SAST) to identify vulnerabilities in application source code.
Analyze findings from security scans, triage false positives, and provide recommendations for remediation.
Collaborate with development, DevSecOps, and security teams to integrate SAST into CI/CD pipelines.
Maintain and enhance security testing processes and policies.
Generate detailed security reports and communicate risks to stakeholders.
Stay up to date on emerging security threats, best practices, and industry standards.
Required Skills & Qualifications:
Hands-on experience with SAST tools such as Checkmarx, Fortify, Veracode, or SonarQube.
Strong understanding of secure coding practices and application security principles.
Familiarity with CI/CD integration and DevSecOps workflows.
Ability to analyze security vulnerabilities and provide remediation guidance.
Experience working in a financial or enterprise-level environment is a plus.