Cybersecurity Business Analyst (RARR Job 5879)

We are seeking an experienced Automated Security Scanning Business Analyst with a strong background in Application Security, DevSecOps, and vulnerability management. The role will focus on implementing and managing automated security scanning solutions, assessing vulnerabilities across applications, infrastructure, and cloud environments, and effectively communicating security risks to both technical and business stakeholders. This position requires a blend of hands-on security expertise, analytical skills, and the ability to drive security maturity initiatives across the organization.

Key Responsibilities

• Perform automated security testing and vulnerability scanning across applications, infrastructure, and cloud environments.

• Utilize industry-standard tools such as Tenable Nessus, Qualys, and cloud-native scanning solutions.

• Conduct vulnerability assessments, analyze findings, and provide clear risk-based recommendations.

• Articulate security risks and remediation strategies to technical teams and business stakeholders.

• Deploy and manage scanning agents across large-scale enterprise environments.

• Monitor and respond to malware threats, emerging attacks, and vulnerabilities.

• Support and enhance DevSecOps pipelines by integrating automated security scanning into CI/CD workflows.

• Contribute to the design and execution of Application Security Automation and AppSec Maturity Programs.

• Apply industry frameworks and best practices including OWASP, NIST 800 Series, CIS Critical Security Controls, and Threat Modeling.

• Collaborate with development, infrastructure, and cloud teams to ensure secure application design and deployment.

• Drive continuous improvement in security processes while operating effectively in a fast-paced, high-pressure environment.

Required Qualifications

• Minimum 7 years of experience in Cybersecurity, Information Security, or Security Engineering.

• Strong background in DevSecOps and Software/Application Security.

• Hands-on experience with:

  • Application Security Testing (SAST & DAST)

  • Micro Focus Fortify (SCA)

  • Acunetix

• Experience with vulnerability scanning tools such as Tenable Nessus, Qualys, or equivalent.

• Working knowledge of cloud platforms: AWS, Azure, GCP, or Alibaba Cloud, including cloud vulnerability assessment approaches.

• Solid understanding of operating systems, network protocols, and application development concepts.

• Exposure to scripting or programming (e.g., Python, PowerShell, or C) for automation and analysis.

• Excellent analytical, problem-solving, and critical thinking skills.

• Strong written and verbal communication skills with the ability to work collaboratively across teams.

• High level of integrity, ethical standards, and professionalism.

• Self-driven and resilient, with the ability to influence change and deliver quality outcomes under pressure.

Education

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or an equivalent discipline.

Certifications (Desirable)

• One or more industry-recognized certifications such as:

  • CISSP

  • CISM

  • CRISC

  • OSCP

Mandatory Skills

• Application Security – Micro Focus Fortify (SCA & SAST)

• Application Security – Acunetix

• DevSecOps / Application Security Automation

• Application Security Maturity Program implementation