JD Security Tool Analyst

Job Title: Security Tool Analyst (Fresher)

Location: Gurgaon

About Us:
ArmorCode is charting the future of security posture and vulnerability management. The ArmorCode
Platform unifies application security, infrastructure vulnerability management, and supply chain security to
address the biggest problems security teams face today. It integrates with your security ecosystem to
identify, articulate, and remediate your most critical risks in a single platform so security and development
teams can realize holistic visibility, scalable agility, and cross-team collaboration.
Enterprises of all sizes scale their security effectiveness by 10x and maximize their ROI on existing
security investments with ArmorCode through Application Security Posture Management, Risk-Based
Vulnerability Management, and Supply Chain Security. ArmorCode - Unify Application Security and
Vulnerability Management.

Job Description:

As a Security Tool Analyst, you will be responsible for evaluating predefined security tools as directed by
our product management team with a focus on their APIs and integration capabilities. Your primary focus
will be on assessing the effectiveness, features, and suitability of these tools for integration into our
security solutions.

● Conduct comprehensive research and exploration of new security tools, technologies, and APIs,
evolving from API explorers to tool integration experts within the SDLC.
● Evaluate and rigorously test security tools and APIs, assessing their effectiveness, compatibility,
and potential for integration into our security toolkit, ensuring they meet core use cases for both
development and QA teams.
● Develop and implement proof-of-concept projects that demonstrate the capabilities and benefits
of selected tools and APIs, extending their involvement to the entire software development
lifecycle, including UAT testing and implementation.
● Actively participate in User Acceptance Testing (UAT) of tools upon their implementation, focusing
on covering core use cases and ensuring alignment with development and testing needs.
● Engage in Root Cause Analysis (RCA) for issues encountered during tool integration and use,
providing valuable feedback and insights to both the tool team and broader development teams to
refine and optimize tool utilization.
● Collaborate closely with development and QA teams to identify and document core use cases for
each tool, facilitating better understanding and usage across the organization.
● Maintain and manage a central WireMock server for the APIs of tools integrated into the security
and development processes, ensuring accessibility and usability for all teams, including
development, QA, and automation.
● Serve as Subject Matter Experts (SMEs) on the security tools and their applications across
different security programs, maintaining visibility and involvement throughout all changes and
developments in tool implementation and usage.
● Foster cross-team collaboration, ensuring the Tool Exploration Team's involvement in all phases
of tool development, implementation, and optimization, from initial API exploration to
post-deployment enhancements based on real-world use and feedback.

Responsibilities:

● Conduct research and exploration of new security tools, technologies, and APIs.
● Evaluate and test security tools and APIs to assess their effectiveness and suitability for
integration into our security toolkit.
● Develop proof-of-concept implementations to demonstrate the capabilities and benefits of
selected tools and APIs.
● Provide recommendations and insights to the dev-team on the adoption and implementation of
new security tools and APIs.
● Stay informed about emerging trends and advancements in the integrated security tools and
APIs.
● Documentation around security tools.
a) Detailed descriptions of the functionality and features of each tool and relevant APIs.
b) Evaluation criteria used for assessing the effectiveness and suitability of tools and APIs.
c) Recommendations for implementation, including integration strategies, configuration
settings, and best practices.

Requirements:

● Bachelor's degree in Computer Science, Information Security, or related field.
● Strong understanding of web application security principles and common vulnerabilities (e.g.,
OWASP Top 10).
● Familiarity with DAST and SAST tools such as Burp Suite, OWASP ZAP, Veracode, Checkmarx,
etc.
● Knowledge of Software Composition Analysis (SCA) tools (e.g., Black Duck, Snyk, WhiteSource).
● Experience with threat modeling methodologies and tools.
● Familiarity with Infrastructure as Code (IaC) tools such as Checkov, KICS, Snyk, etc.
● Familiarity with CSPM, Endpoint security, Container security tools and concepts.
● Exposure to Runtime Application Self-Protection (RASP), IAST tools and techniques.
● Excellent analytical and problem-solving skills.
● Strong communication and collaboration skills.
● Ability to work effectively in a fast-paced and dynamic environment.

Preferred Qualifications:

● Relevant internships or projects in application security.
● Certifications such as CEH, CompTIA Security+, or equivalent. Certifications are not mandatory.
● Experience with DevOps practices and CI/CD pipelines.
● Familiarity with cloud platforms such as AWS, Azure, or Google Cloud.
