Description
The Application Security Analyst I position exists to protect the security posture of the Paycom application through tasks such as web application penetration testing, code review, tool use, and other as-needed security reviews.
Additional tasks include work to develop or improve existing projects that contribute to application security, and user education.
RESPONSIBILITIES
- Perform web penetration test assessments and manual code review.
- Utilize security scanners and other automation technology to assess the security posture of the Paycom application and document findings.
- Research third-party tools, software libraries, APIs, and other incoming technology for security viability and document any concerns prior to application integration.
- Advise and provide technical guidance to software development teams on security findings and remediation.
- Analyze security findings and escalate complex or recurring issues to other Application Security teams for further research as needed.
- Attend trainings, pursue certifications, and research vulnerabilities, remediations, and new technology to learn and stay up to date on security best practices.
- Contribute to the creation, maintenance, and improvement of documentation around security, policies, standards, guides, and procedures where applicable.
Qualifications
Education / Certification:
Bachelor’s or Master’s Degree in Management Information Systems, Computer Science or Cyber Security.
Experience:
- Basic understanding of the OWASP Top 10 vulnerabilities.
- General knowledge of information security principles and practices.
- Basic understanding of web server architecture and relevant concepts: HTTP, TLS, DNS, WAF, etc.
- Experience with one or more programming / scripting languages highly recommended: PHP, Python, C#, Java, C++, C, JavaScript, React.
- Basic experience with the following technologies is recommended but not required: SQL (MySQL / MSSQL / Postgres), NoSQL, HTML, CSS.
- Basic experience with the following operating systems is recommended but not required: Linux distributions (Ubuntu, Kali Linux, Debian, Red Hat), iOS, Android OS, macOS.
- Strong analytical and problem-solving skills.
- Strong verbal and written communication skills.
PREFERRED QUALIFICATIONS
Education / Certification:
- Industry Certification (GWAPT, GCIH, Security+, Pentest+, Burp Suite Certified Practitioner, etc.) preferred.