The Application Security Analyst is responsible for conducting vulnerability assessments on the organization's applications and working with application development and support teams to coordinate remediation. This role will work closely with the application development teams to assess applications in development as well as in production. This individual will also need to work across several application vulnerability assessment capabilities and help application teams to adopt secure development best practices. The Application Security Analyst will help define and drive the implementation of these capabilities and work to integrate application security processes within the SDLC.
Principal Responsibilities and Essential Duties:
- Application of secure code practices. Ensuring compliance with secure coding practices. Ensuring products and services are scanned for defects and security issues. Ensuring those defects and security issues are resolved. Coordination with DevOps, Software Engineering and Development teams on remediating defects that are related to security issues.
- Training Developers on secure code practices. Ensuring the SDLC includes secure coding methodology. Ensures that the user community understands and adheres to necessary procedures to maintain security.
- Performs root cause analysis of complex application security issues and provides recommendations to stakeholders on the best course of action to remedy the problem.
- Performs ongoing application security reviews to ensure compliance with internal security standards and regulatory requirements.
- Assist in responses to external audits, penetration tests and vulnerability assessments.
- Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
- Completes all responsibilities as outlined on annual Performance Plan.
- Completes all special projects and other duties as assigned.
- Must be able to perform duties with or without reasonable accommodation.
- Experience with agile development methodologies (Scrum, Kanban, sprint iterative). Good grasp of multiple programming and scripting languages. Expertise in Java and/or .NET platforms preferred.
- 3 to 5 years in Application Security with hands-on exposure to industry-standard platforms like SonarQube, Veracode and/or Fortify.
- Hands-on experience installing and administering a variety of secure code platforms with proven ability to run static and dynamic application security tests (SAST and DAST).
- Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
- Demonstrated knowledge and understanding of Application Security trends and emerging technologies (e.g. Docker, Kubernetes etc.)
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity and accuracy to both technical and non-technical audiences.
- Excellent aptitude for problem solving. Self-starter, team player, personable, enthusiastic, hardworking, and enjoys interfacing with external and internal customers on a day-to-day basis.