7501 W Memorial Rd
Job Category: IT
Job Number: 5589
Application Security Analyst
Responsible for information security policy development and maintenance within the company software development lifecycle; design of security policy education, training, and awareness activities; monitoring compliance with security policy and applicable law; and coordinating investigation and reporting of security incidents. Primarily responsible for web application security assessments and code review as part of the software development lifecycle. Works with Application Support, Software Development and Quality Assurance to perform web application pen tests, automated vulnerability assessment scans, risk assessments, and code reviews.
- Monitors information security news for emerging threats and technologies that could have an impact on the security of company processes, systems, and applications.
- Coordinates and executes information security projects.
- Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Protects organization's value by keeping information confidential.
- Performs web application security assessments, vulnerability scanning and testing.
- Documents and reports on specific duties, activities, problems solved and issues resolved.
- Assists in the development of benchmarks and sets specific goals for the evolution of the security of company systems, processes, and applications.
- Performs and develops security-focused training for the development team.
- Actively seeks to expand individual skills through research, training, and collaboration with peers.
- Attends meetings and serves on committees, as requested.
- Work flexible hours, including weekends and evenings
- Availability to respond to emergency situations
- Performs additional duties and assignments as requested.
- Bachelor’s Degree in Computer Science, Engineering or related field
- Industry Certification (GCIH, GWAPT, GWEB, GPEN, CISSP, GSE etc.) highly preferred
- 5+ years of software development or application security testing experience
- Ability to perform targeted application penetration tests without use of automated tools
- Expert level understanding of OWASP and other software security best practices
- Knowledge of application reverse engineering techniques and procedures
- Experience with application layer assessment tools, such as local proxies and fuzzers
- Experience with threat modeling and security design review methodologies
- Significant experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client above and beyond running automated tools
- A strong understanding of Unix, Windows and network security
- Highly responsive with an ability to handle escalations quickly and professionally
- Strong verbal and written communication skills
- Ability to report on and provide fixes for identified vulnerabilities at the code level (developer friendly)
- Interpret and apply laws, regulations and policies
- Work for extended time at keyboard/terminal
- Maintain effective working relationships with supervisor and coworkers