Vulnerability Analyst
Job Summary
Black Duck Software Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
The Vulnerability Analyst is responsible for performing security analysis of open source projects, facilitating the delivery of accurate and actionable security information. The successful candidate would be expected to engage with senior team members, assist with security research efforts, and report to the Security Research Team Leads. This position will be based out of our Belfast, Northern Ireland office. Additionally, other duties may need to be carried out, including but not limited to quality review of vulnerability reports, development of internal tools, and in-depth security research. These are dependent on performance and skills.
As a Vulnerability Analyst, your primary responsibilities are:
Performing vulnerability analysis and documentation
Engaging with senior security researchers
Performing security research activities on both public and undisclosed vulnerabilities
Job Requirements:
Degree in Computer Science / related field or proven willingness to learn
Excellent written and oral communication skills
Versatile and capable of working in a fast-paced agile environment
Demonstrates initiative
Excellent team collaboration
Strong commitment to customers
Understands the importance of strong processes and structured documentation
Skills & Experience:
Awareness of Open Source, OWASP, networking concepts
Understanding of existing threats & mitigation / remediation strategies
Understanding of various operating systems and common applications
Familiarity with security tools
Understanding of detection & protection technologies (IDS/IPS/WAF)
Demonstrates strong problem-solving abilities and can work independently
Desired Skills & Experience:
Scripting experience (various: Python/Perl/Java/Ruby, etc.)
Understanding of various testing techniques, including static & dynamic analysis, fuzzing
Understanding of the Secure Development Lifecycle (security requirements, threat modelling, attack surface analysis)
Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.
Required Experience:
IC
About Company
Build high-quality, secure software with application security testing tools and services from Black Duck. We are a Gartner Magic Quadrant Leader in AppSec.