Job Title:  Product Security Analyst

Location: Bangalore, KA, IN, 560048

Business Unit:  Nul
Posting Date:  Dec 30, 2024
Job Description: 

JOB PROFILE

 

Job Title: Product Security Analyst

Reporting To: IT Director

Department/Location: Corp IT, Bangalore, India

Main Purpose

We are seeking a skilled and detail-oriented Application Security Specialist to support the security scanning and compliance efforts for our software applications. The successful candidate will be responsible for identifying, mitigating, and managing security vulnerabilities through Static Code Analysis (SAST), Software Composition Analysis (SCA), License Compliance, and the creation and maintenance of a comprehensive Software Bill of Materials (SBOM). This role will leverage advanced security tools including Veracode, Finite State, and CodeSecure (CodeSonar, CodeSentry) to safeguard the integrity and security of our applications.

Key Tasks

  • Help business units to perform Static Code Analysis (SAST) using AMETEK approved product security scanning tools such as Veracode, Finite State & CodeSonar (CodeSonar & CodeSentry) to detect and remediate security vulnerabilities in the codebase during the development phase.
  • Help business units to perform Software Composition Analysis (SCA) with AMETEK approved tools to identify and manage risks associated with open-source components, including security vulnerabilities and license compliance.
  • Ensure strict License Compliance by monitoring the use of open-source software, managing licensing obligations, and ensuring that the business units adhere to all applicable software licensing regulations.
  • Develop and maintain a comprehensive Software Bill of Materials (SBOM) using tools to provide full visibility into software dependencies, vulnerabilities, and risk profiles.
  • Collaborate closely with development, DevOps & scanning vendors to embed robust security practices throughout the Software Development Lifecycle (SDLC) and facilitate seamless integration of security measures.
  • Work proactively to prioritize and drive the remediation of identified security vulnerabilities and risks.
  • Work closely with software developers and the vendor's security team to provide expert guidance and recommendations on secure coding practices, risk mitigation strategies, and adherence to security standards and regulations.
  • Maintain up-to-date knowledge of emerging security threats, vulnerabilities, and industry trends, ensuring the application of leading-edge security technologies and processes.
  • Weekly update of Product Scanning Progress Dashboard. Prepare detailed reports and documentation on security risks, vulnerability assessments, and compliance audits for both technical and non-technical stakeholders.

Key Attributes

  • 1-2 years of hands-on experience in application security scanning using widely adopted industry tools such as Veracode, Finite State, CodeSonar/CodeSentry, or similar platforms.
  • Familiarity with creating and maintaining Software Bill of Materials (SBOM) to provide clear visibility into software dependencies and third-party components.
  • Ability to collaborate with cross-functional teams (development, security, DevOps) to integrate security practices into the SDLC and CI/CD pipelines.
  • Strong analytical skills with the ability to identify, prioritize, and resolve security vulnerabilities in a timely manner.
  • Strong expertise in security frameworks such as OWASP, NIST, CIS, PCI DSS, SANS, etc. and a deep understanding of secure software and firmware development practices.
  • Bachelor's degree in a related technical field (i.e. Engineering or Computer Science)
  • Must be fluent in English with good written and oral communication ability
  • Able to work to a flexible time schedule, including hours of work

 

 

Key Behaviours

  • CURIOUS - Active interest in the internal and external environment and in the continuous development and improvement of the organisation and individuals within it. Open minded with a bias to learn and enquire.
  • DECISIVE THINKER - Ability to analyse and understand data and information quickly. Able to use info, data, insights & knowledge in a structured way using judgment wisely to identify options and make robust decisions.
  • SKILLED INFLUENCER - Demonstrates the ability to influence and gain commitment and support from a complex and diverse range of stakeholders in pursuit of organizational benefit.
  • DRIVEN TO DELIVER - Strong bias to action, accountability for personal delivery and with others. Plans, prioritizes and monitors performance, holds self and others accountable for delivery.
  • COLLABORATIVE – Works effectively with Indian and foreign national colleagues, stakeholders, customers, suppliers, teams and individuals both within and outside the organization
  • PERSONALLY CREDIBLE – Track record of reliable and valued delivery using relevant expertise and experience and does so with high integrity and an objective manner.
  • COURAGE TO CHALLENGE – Speak up and challenge others especially when confronted with resistance and unfamiliar circumstances

 

Scope & Scale

Single location in Bangalore India

Contact with multiple BUs globally and AMETEK corporate functions.

Salary & Benefits

Benefits – In line with AIIPL policy

AMETEK, Inc. is a leading global provider of industrial technology solutions serving a diverse set of attractive niche markets with annual sales over $7.0 billion.

AMETEK is committed to making a safer, sustainable, and more productive world a reality. We use differentiated technology solutions to solve our customers’ most complex challenges. We employ 21,000 colleagues, in 35 countries, that are grounded by our core values: Ethics and Integrity, Respect for the Individual, Inclusion, Teamwork, and Social Responsibility.  AMETEK (NYSE:AME) is a component of the S&P 500. Visit www.ametek.com for more information.