Application Security Analyst
We are searching for a detail-oriented Application Security Analyst to join our Security Team. The ideal candidate will have an established work history in the field of information security with a focus on web application security methods.
- Work with developers to refine security checkpoints in the SDLC that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
- Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Understand how to identify, exploit and remediate common application vulnerabilities through the use of tools and code reviews.
- Work with information security analysts to refine web application penetration testing methods and breadth of security services.
- Perform penetration tests on web and mobile applications.
- Obtain and review all required artifacts as part of go/no-go analyses at security checkpoint phases in the development cycle.
- Create automation tools with programming languages.
- Assist with periodic security risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
- Act as cryptographic key manager.
- Able to manage application security and threat assessments, with or without tools, and make recommendations.
- Higher education in information security or computer science is desired, but can be substituted with a broader background in information security disciplines.
- Related certifications from the PCI, ISC2, ISACA, or GIAC organizations are a plus.
- Passion for application security.
- Established work history as an information security practitioner.
- Demonstrated proficiency in software development, experience in at least one major programming language and one major scripting language.
- Familiarity with relational and distributed databases.
- Work experience with the PCI Data Security Standard and ITGC with a focus on web application security methods.
- Security risk assessment and systems security audit work experience.
- Knowledge of cryptographic keys.
- Experience working with dynamic and static security tools.
- Strong knowledge of web application vulnerabilities, exploits and remediation techniques.