Information Security Senior Analyst, Application Security

Description : Job Description :

Job Description : GENERAL SUMMERY :

GENERAL SUMMERY :

Responsible for performing static and dynamic application security testing in order to identify vulnerabilities in applications that are storing, processing, or handling DG data.

This includes applying an appropriate security risk rating based on compensating controls and other mitigating factors, and identifying and conveying vulnerabilities in a manner that clearly defines the security risk to a given application - while providing developers additional guidance as to how a vulnerability should be remediated and properly re-tested to validate the effectiveness of remediation efforts.

DUTIES & RESPONSIBIILTIES :

• Perform static and dynamic application security testing using a combination of commercial, open-source, and manual testing methods.
• Conduct application security risk and compliance reviews and analysis identify, recommend, and track progress of security risk mitigation plans while collaborating with IT and business units to drive risk mitigation plans to completion.
• Represent the information security department through pragmatic consultation and participation in a defined SDLC, promoting application security best practices and standards.

KNOWLEDGE, SKILLS, & ABILITIES :

• Strong understanding of current and emerging application security and general information security best practices, technologies, techniques, trends, threats, and countermeasures, to include application security aspects related to cloud technologies.
• Strong, effective written and oral communications skills and able to communicate to technical and non-technical audiences across multiple levels.
• Strong, hands-on experience performing static and dynamic application security tests, assessments, etc. using commercial and other tool sets, manual testing methods, etc.
• Strong negotiation skills (e.g., driving internal security recommendations, external vendor action, etc.).
• Strong understanding of effective, pragmatic application security controls and related industry (e.g. OWASP) best practices risk management and compliance strategies and techniques and PCI, HIPAA, and SOX regulatory requirements.
• Solid understanding of agile and waterfall development methodologies and the efficient and effective integration of application security design and testing processes.
• Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
• Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel as needed (up to 5%).

WORK EXPERIENCE AND / OR EDUCATION :

College degree or equivalent experience in information security with a minimum 5 years current / recent application security experience.

Active CISSP or CSSLP certification preferred.

• Extensive hands-on experience in static and dynamic application security testing using a variety of manual testing methods, commercial and non-commercial tools, best-practice security frameworks (e.g., OWASP ASVS), etc.
• Foundational experience with host operating systems, networking principles, web application firewalls, and associated security controls network / system vulnerability scanning tools security information and event management (SIEM) privileged user management (PUM) and governance risk and compliance (GRC).

Candidate Must Have : undefined