Application Security Analyst

Addison Group

Responsibilities
We are searching for a detail-oriented Application Security Analyst to join our Security Team. The ideal candidate will have an established work history in the field of information security with a focus on web application security methods.
  • Work with developers to refine security checkpoints in the SDLC that are based on the PCI Data Security Standard and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
  • Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
  • Understand how to identify, exploit and remediate common application vulnerabilities through use of tools and code reviews.
  • Work with information security analysts to refine web application penetration testing methods and breadth of security services.
  • Perform penetration tests on web and mobile applications.
  • Obtain and review all required artifacts as part of go/no-go analyses at security checkpoint phases in the development cycle.
  • Create automation tools with programming languages.
  • Assist with periodic security risk assessments, IT security audits, and management reporting.
  • Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
  • Act as cryptographic key manager.
  • Manage application security and threat assessments, with or without tools, and make recommendations.
Qualifications
  • Higher education in information security or computer science is desired, but can be substituted with a broader background in information security disciplines.
  • Related certifications from the PCI, ISC2, ISACA, or GIAC organizations are a plus.
  • Passion for application security.
  • Established work history as an information security practitioner.
  • Demonstrated proficiency in software development, experience in at least one major programming language and one major scripting language.
  • Familiarity with relational and distributed databases.
  • Work experience with the PCI Data Security Standard and ITGC with a focus on web application security methods.
  • Security risk assessment and systems security audit work experience.
  • Knowledge of cryptographic keys.
  • Experience working with dynamic and static security tools.
  • Strong knowledge of web application vulnerabilities, exploits and remediation techniques.