Job Location:

St. Louis, MO

As a

salaried fulltime

Senior Information Security Analyst-

- DevSecOps Developer

As a Ferguson Consulting employee, and a consultant to our end client, you can focus on your technical skills development and career versus becoming a client SME - which is always in your best interest.

The client’s goal is to bridge traditional gaps between IT and Security while ensuring fast, safe delivery of code. To replace silo thinking by increasing communication and shared responsibilities of security tasks during all phases for security processes.

Working on site at our client

,

WhatYou'll Do:

• Analyze/Define/Implement application security framework.
• Support and maintain application security platform.
• Work with developers to refine security checkpoints in the SDLC/DevOps that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-37 and/or ISO security standards.
• Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
• Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT
• Secure Coding to address common coding vulnerabilities.
• Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle.
• Assist with periodic security risk assessments, IT security audits, and management reporting.
• Assist with SCA (Software Composition Analysis) platform.

Who You Are:

• 8 years of experience as an information security practitioner
• Including experience with
• Security risk assessment and systems security audit
• PCI Data Security Standards
• Web application security methods; OWASP
• Software Composition Analysis tools such as XRay, Blackduck
• Tools such as Veracode, Contrast, Fortify, etc. to manage application security
• Build automation and packaging tools such as Maven, Gradle, NPM
• Continuous Integration tooling such as Jenkins, Bamboo
• Artifact/Docker repositories such as Artifactory, Nexus, Harbor
• Comfortable with Linux; CentOS, RHEL.
• Comfortable working with Java platforms.
• Excellent verbal and written communication skills.
• BA/BS in Information Technology, Computer Science, MIS or related field or equivalent work experience

The benefits:

We hire IT professionals who like to work with smart people and can hold their own in a demanding environment. Our employees build a career at Ferguson. Here IT isn’t a support function for our business – it IS our business. We strive to develop a professional relationship with each employee – and that is what you are, our direct employee. Our pay and benefit levels recognize the advanced skills of our talented staff members. In addition, we are unique in our market in the emphasis that we place on continuing education, including an annual training allowance that is an integral part of our compensation package. This kind of investment in our employees’ professional development is an important contributor to making Ferguson a desirable place to build an IT career. As a W-2 employee, your first assignment will be just that – the first of many. Our goal is to establish a long-term employee relationship with you.

The compensation:

Highly competitive base salary.

Paid overtime

$.60/$1 401K match

160 hours of Paid Time Off (PTO) Benefits

Bonus System

Health, vision, dental, and life insurance

Short-term and long-term disability

Training allowance for Leading Industry Professional Training with SLU/Wash U.

How to Apply:

If you are looking for a change and/or are interested in building or continuing your career as an IT professional and have the ability to thrive in challenging, fast-paced environments, we want to hear from you.

Please send your resume to Andy Scheffel at ascheffel@fergcons.com

Please review our website fergusonconsultinginc.com and find out more about who we are and what we can do for you.

W-2 CANDIDATES ONLY. NO CORP-TO-CORP.