The Application Security Analyst will partner with developers to conduct application security assessments. The individual will work closely with technical teams to analyze the potential security impacts and pitfalls associated with threats and vulnerabilities to applications and systems. The candidate will advise developers and technical teams on options to mitigate the risk. The candidate must have excellent verbal, written and interpersonal communication skills.
Major Responsibilities
1. Perform application code review and provide recommendations to the developers on how to fix the vulnerabilities identified.
2. Write reports including recommendations, root cause analysis, and security summary analysis
3. Strong knowledge of APIs and API security as well as scripting languages (Python, Perl, Ruby) and build automation tools on an ad-hoc basis
4. Lead projects related to the security portfolio to strengthen the overall cybersecurity posture
5. Write and optimize custom rules on automated source code scanning tools
6. Review business requirements and provide risk-based security recommendations during the initial phases of the SDLC
7. Perform architecture reviews and threat modeling and create assessment reports with recommendations to bridge the security gaps
8. Design and assess SaaS and IaaS cloud services and virtualization technologies, e.g. Amazon Web Services (AWS) and VMware
9. Experience building security into continuous integration and delivery (CI/CD) pipelines
10. Learn on the job and explore new technologies with little supervision to identify new and emerging security threats
11. Create and deliver knowledge-sharing presentations and documentation to security, development and operations teams
Qualifications
Education/Experience:
• Requires bachelor's degree in computer science or information security
• Requires a minimum of 6 years of professional IT work experience or a master's degree and 4 years of professional work experience
• Minimum of 3 years of security or developing web applications experience
• Experience reading and understanding code in languages such as HTML5, Java, JavaScript, Objective-C, C++, C#, Python, Perl, etc.
Additional licensing, certifications, registrations:
• CISSP, SANS Certifications
• Programming Certifications
Knowledge of:
• Common vulnerabilities in the OWASP top 10 list
• Protocols/technologies such as SOA, HTTP, SSL, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML
• Java Application and Java Application Server administration/tuning
• Amazon Web Services (AWS) and/or VMware vCloud and/or
Skills and Abilities:
• Ability to program in one of the following programming languages: Java, JavaScript, C#, C, C++
• Ability to understand software design algorithms
• Strong knowledge of one or more of the following programming languages: HTML5, Java, Objective-C, C#, C++, SQL is preferred
• Ability to write scripts in languages such as Python, BASH, or PowerShell for automation preferred
• Ability to read and debug code
ANY GRADUATE