Job Description
Junior Business Analyst - Security Development Lifecycle

ThunderYard is seeking a motivated Junior Business Analyst to support the operationalization of the Security Development Lifecycle (SDL) framework. Reporting directly to the Lead Business Process Engineer, this role will provide critical analytical and documentation support to ensure the successful implementation and adoption of security practices throughout our client's application development processes.

The Junior Business Analyst will assist in conducting discovery activities, documenting current-state processes, analyzing data collected from stakeholders, and creating supporting materials that enable development teams to adopt SDL practices. This position offers an excellent opportunity for a professional early in their career to gain hands-on experience in application security, business process analysis, and federal cybersecurity transformation while working alongside experienced security and process engineering professionals.

Key responsibilities include:

Discovery Support: Assist in conducting discovery sessions with application development teams, security personnel, and Bureau stakeholders to document existing SDL services, security practices, and development workflows across Treasury
Data Collection and Analysis: Gather and organize information on current security testing tools, secure coding practices, threat modeling approaches, and security gate processes used across different Treasury applications and development teams
Process Documentation: Create detailed process documentation including workflow diagrams, procedure guides, and process maps that illustrate current-state SDL activities and proposed future-state processes
Gap Analysis Support: Support the identification of gaps in current SDL coverage by comparing existing practices against industry standards (NIST SSDF, OWASP), documenting findings, and organizing gap data for senior team review
Stakeholder Coordination: Schedule and coordinate meetings, interviews, and working sessions with development teams and security stakeholders; maintain meeting notes and action item tracking
Requirements Gathering: Assist in gathering and documenting security requirements, acceptance criteria, and tool requirements for each phase of the SDL framework
Training Materials Development: Support the creation of training materials, quick reference guides, job aids, and SDL adoption resources for development teams
Metrics and Reporting: Collect and organize data related to SDL adoption metrics, security testing results, and framework effectiveness; assist in creating reports and dashboards for leadership visibility
Tool Research: Research security testing tools (SAST, DAST, SCA) and document capabilities, integration requirements, and best practices to support tool selection and implementation decisions
Documentation Management: Maintain SDL documentation repositories, ensure version control, and organize reference materials for easy access by development teams and stakeholders

Required Education

Bachelor's degree in Business Administration, Information Systems, Computer Science, Cybersecurity, or related field

Required Experience:

Minimum 4 years of experience in business analysis, technical writing, process documentation, or related analytical roles
Experience working with technical teams or in IT/cybersecurity environments (internships, co-ops, or entry-level positions acceptable)
Demonstrated ability to gather requirements, document processes, or create technical documentation
Experience conducting stakeholder interviews or facilitating working sessions
Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, Visio) for documentation and analysis
Ability to create process flow diagrams and workflow documentation
Strong research and analytical skills with attention to detail
Basic understanding of software development concepts and lifecycles
Familiarity with cybersecurity terminology and concepts
Ability to learn new tools and technologies quickly
Ability to obtain and maintain a federal public trust
Willingness to work on-site at Treasury-designated locations in the Washington, D.C. area (estimated 1-2 Days per Week)

Position Nice to Have Requirements

Active Public Trust for Department of Treasury
Master's degree in Business Administration, Information Systems, or related field (in progress or completed)
Certifications:
– Entry Level Analyst (ELA) certification
– CompTIA Security+ or similar foundational security certification
– IIBA Entry Certificate in Business Analysis (ECBA)