Role: Infosec Security Analyst
Location: Reston, VA (Hybrid)
Job Description
The client is seeking an Application Security Analyst to:
• Perform Comprehensive Security Assessments
Conduct manual application security assessments leveraging both Secure Code Reviews and Application Penetration Testing methodologies to identify vulnerabilities across web, API, and backend components.
• Deep Understanding of Application Security Risks
Demonstrate strong knowledge of a broad range of application security issues, including common vulnerability classes, exploitation techniques, mitigation strategies, and industry-standard security controls (OWASP, secure frameworks, coding patterns).
• Proficiency With Web Security Testing Tools
Utilize industry-standard tools such as Burp Suite, OWASP ZAP, and other proxy, fuzzing, and scanning utilities to execute effective penetration testing and validation activities.
• Source Code Review Expertise
Perform in-depth manual code reviews in one or more programming languages, with the ability to identify insecure coding practices and provide guidance aligned with secure coding best practices.
• Risk Evaluation & Communication
Accurately determine the severity and risk of identified vulnerabilities by assessing exploitability, impact, and relevant business context; clearly communicate this risk to technical and non-technical stakeholders.
• High-Quality Assessment Deliverables
Produce well-structured assessment reports documenting:
o Technical testing approach and scope
o Vulnerability details and evidence
o Root cause and business impact
o Practical, prioritized, and realistic remediation strategies
• Software Development Experience (Preferred)
Previous experience in software development or familiarity with modern application architectures is a plus, enabling more effective collaboration with engineering teams.
• Strong Communication & Collaboration Skills
Communicate complex security concepts clearly and professionally, both verbally and in writing, and collaborate effectively with developers, architects, and product teams.