Software Security Analyst
Indexed description
Your impact
We are looking for a mid-level Software Security Analyst to join our security engineering team. In this role, you will be the primary point of contact for application security scanning — running static and dynamic analysis against codebases across the organization and working hands-on with developers to understand, prioritize, and remediate the vulnerabilities you find. This is a technical, collaborative role for someone who is equally comfortable reading code and explaining security risks in plain language.
- Conduct static application security testing (SAST), dynamic testing (DAST), and software composition analysis (SCA) across development teams using Qualys and related tooling
- Triage, analyze, and validate scan findings, filtering false positives and prioritizing issues by exploitability and business impact
- Partner directly with software engineers to walk through vulnerabilities, explain root causes, and guide remediation — not just hand off a report
- Develop and maintain remediation documentation, secure coding guidance, and knowledge base articles for common vulnerability classes
- Track open findings through to closure in ServiceNow, following up with development teams to ensure timely resolution
- Integrate security scanning into CI/CD pipelines and work with DevOps teams to shift security testing left
- Assist in defining security acceptance criteria and contributing to secure design reviews for new features and systems
- Support periodic penetration testing engagements and red team exercises as needed
- Contribute to security metrics and reporting for leadership on vulnerability trends and remediation velocity
- 3–5 years of experience in application security, security engineering, or a closely related role
- Hands-on experience with commercial Web Application Scanning (WAS) and Vulnerability Management tools.
- Solid understanding of common vulnerability types including those in the OWASP Top 10, CWE/SANS Top 25, and CVE ecosystem
- Ability to read and understand code in the team's core languages — Python, JavaScript, C#, .NET, HTML, and PowerShell — to validate findings and assess exploitability
- Experience with SAST tools and/or DAST tools (e.g., Burp Suite, OWASP ZAP)
- Strong written and verbal communication skills — you can explain a SQL injection vulnerability to a developer who has never heard the term
- Familiarity with CI/CD pipelines and DevSecOps practices
- Experience with ServiceNow for vulnerability tracking and workflow management
- Familiarity with GitHub and GitHub Advanced Security (GHAS) — including code scanning, secret scanning, and Dependabot alerts
- Relevant certifications CEH, GWEB, GWAPT, CompTIA Security+, or similar
- Experience with cloud environments (AWS, Azure, or GCP) and container security scanning
- Knowledge of compliance frameworks such as ISO 27001
- Scripting or automation experience (Python, Bash, or similar) for extending tooling or automating workflows
- Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA)
At Jacobs we value people. Having the right balance of belonging, career and lifestyle enables us to consistently deliver and exceed clients’ expectations.
Working alongside industry leaders, you will have the opportunity to develop your career working on key projects in an environment which encourages collaboration, knowledge sharing and innovation. To support your professional growth, Jacobs flexible working arrangements, extended leave options and a host of social, health and wellbeing events and initiatives will underpin our commitment to you.
At Jacobs it’s all about what you do, not where you are, which counts!
We value collaboration and believe that in-person interactions are crucial for both our culture and client delivery. We empower employees with our hybrid working policy, allowing them to split their work week between Jacobs offices/projects and remote locations enabling them to deliver their best work.
Your application experience is important to us, and we’re keen to adapt to make every interaction even better. If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team via Careers Support.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search