Application Security Analyst

*This is a remote 6+ month contract role, there is no sponsorship, and no 3rd party candidates will be considered*

Prestigious Enterprise Company is currently seeking a Application Security Analyst. Candidate works closely with other members of the Security Services, IT Development Teams and Quality Assurance teams to support application and software security initiatives, projects, and operations. Candidate will be integrating security tools into the development pipeline to support the confidentiality, integrity and availability of enterprise applications.

Responsibilities:

• Assist with application penetration testing
• Assist with retesting vulnerabilities to verify the development teams have remediated
• Review reports of the testing and conduct security risk assessment of the vulnerabilities
• Conduct code scans using automated tools and risk rate the vulnerabilities according to the organization risk profile and mitigating controls.
• Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams
• Assist with application security vulnerability management including implementation of new vulnerability management tools
• Assist in the development of metrics documentation to track the burndown rate of vulnerability remediation
• Assist in the development of security engineering documentation:
• Explore opportunities for updates to Security Engineering policies and standards
• Assist with the development and periodic review of Security controls, policies, and procedures in close coordination with Security managers
• Participate in the improvement of security engineering processes
• Help gather evidence of security testing processes for audits
• Work with development team and Q/A to create development life cycle documentation, provides integrated systems planning which will enhance current systems and support corporate, business and system goals.
• Identify automation opportunities and help with department automation efforts
• Collaborate and brainstorm with the Security Engineering team on new application and application infrastructure technology components

Qualifications:

• Highly motivated individual that assumes ownership of their projects
• Ability to act as a liaison between security and the development, IT, and QA teams.
• Strong desire and capacity to learn and support new technical applications
• Exceptional verbal communication skills that include the ability to articulate ideas clearly and concisely
• Ability to write clear and concise documentation
• Knowledge of security principles Training and/or education preferred
• Experience administering and interpreting results from security scanning tools
• Experience working in the financial industry

Technical Skills:

• Knowledge of Scripting languages including Java, C++, Python, JavaScript, Bash
• Familiarity with application frameworks and their built-in security services and API s (ie, Sun J2EE, MS .NET, OMG CORBA, Spring, etc.)
• Knowledge of automated code scanning tools (ie,) and development pipeline tools (ie,)
• Understanding of security concepts and practices, including those for authentication, authorization, access control and auditing as well as best practices (eg OWASP).Knowledge of Secure DevOps concepts
• Bachelors degree in Cybersecurity, Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experience
• 3+ year experience in Security-related roles or equivalent training/knowledge of security best practices and OWASP and NVD
• Experience with SDLC and working with business users, database analysts, system architects, etc., to identify and prioritize requirements

Tagged as: Cation, Security