IT Security Analyst
Post Date: 07/06/2017 Job ID: 23999 Industry: Other Area(s)
IT Security Analyst specializing in Application Security.
This position is responsible for information security solution architecture, the mentoring and supporting of security analysts and the development and enforcement of security standards and guidelines relating to application development. This position may consult with developers, leadership, security analysts, and architects in other organizations on emerging technologies and vendor architectural directions related to information security. This position will be responsible for understanding cross-company business needs and designing solutions that meet business requirements while maintaining confidentiality, integrity and availability of information and systems.
Major Job Duties:
Perform functional requirement review and design review
Work collaboratively with all participants in agile software development projects and support developers and testers as they set up their build Dev / Test environments
Troubleshoot and resolve issues related to application development, deployment and operations
Perform code review across a variety of programming languages
Identify, communicate, and drive the resolution of vulnerabilities
Serve as a subject matter expert for security in application projects
Perform application vulnerability assessments (SAST and DAST) focused on web and mobile applications
Identify application security requirements for projects
Develop testing scripts, policies, procedures and standards
Manage third party scans and conduct vulnerability review with the development team
Other security-related projects that may be assigned according to skills
Experience designing Web/Mobile application security testing solutions
At least 3 years of experience in any major DevOps tool implementation and automation chain (Veracode, Jenkins, Qualys, SonarQube, GitHub).
At least 3 years of experience with web application, web service implementation, infrastructure scans.
At least 2 years of experience with SAST (Fortify/Veracode or similar) tools.
Application development background, along with a desire for continued learning for new programming languages, techniques and related security issues.
Familiarity with the OWASP framework and application security best practices.
Understanding of Software Security Architecture and Design, Agile, SDLC and the ability to clearly articulate best practices for application security.
Current holder of CISSP, CASS or other relevant industry certifications.
Experience with developing designs and reference architecture for emerging technology leveraging industry standards.
Ability to convert documented business requirements into conceptual, logical, and physical design documents.
Project management skills.