As a key member of the Information Security Team, the Application Security Analyst will be responsible for addressing information security requirements during all aspects of the application development process. Key responsibilities include finding, validating, and remediating security vulnerabilities on strategic development projects. The Application Security Analyst will also develop security standards, influence projects during all phases of the SDLC, use application vulnerability assessment tools, and perform code reviews.
- Conduct web application security scans, analyze results, prioritize vulnerabilities, and research and propose remediation steps.
- Find and assist with remediation of application vulnerabilities by reviewing source code.
- Provide quality web application security audits across the various IT functions to ensure quality standards, procedures and methodologies are being followed.
- Participate in application design and architecture reviews.
- Deliver security training and education to technical staff.
- Assist with the current SDLC processes and make recommendations for alignment with future state architecture.
- Work closely with development teams, security operations, and PMO to help drive the SDLC strategy.
- Monitor and distribute security notifications in adherence with the established notification/security information sharing protocols.
- Assist with documenting security policies, standards, and guidelines based on the organization’s requirements and compliance objectives.
- Facilitate, coordinate, and maintain project schedules, plans, and scope using standard project management methodologies.
- Availability to provide off-hours support as needed.
Education and Experience:
- 3-5 years of experience in Information Security
- Bachelor’s degree in computer science or related field
- Experience with Java or .NET development platforms
- Experience with industry standard application security testing tools such as IBM AppScan, HP Fortify, WebInspect, Burp Suite, etc.
- In-depth knowledge of web application vulnerabilities and exploitation techniques
- Knowledge of OWASP, SDLC, Encryption, Identity and Access Management, data integrity measures
- Deep knowledge of integrating security into the System Development Life Cycle
- Basic system administration experience with Linux and Windows Operating Systems a plus
- Knowledge of scripting a plus
- Security-related certifications a plus (CISSP, CEH, OSCP)
- Experience with industry standard frameworks, best practices, and compliance regulations (ISO, NIST, PCI, SOX, etc.)