Senior Information Security Analyst
Prestigious Central NJ based investment firm is seeking an experienced Info Security professional to join our growing team in a newly created role.
Reporting to the Senior Information Security Architect, the Application Security Analyst is responsible for identifying application vulnerabilities, assessing their risk, and working with developers, quality assurance analysts, project control officers, scrum masters, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities. The Analyst will also be responsible for the implementation and maintenance of testing tools and improving our automated testing processes and reporting.
The Application Security Analyst position will closely interact with other Information Security team members, as well as Application Delivery and Technology Operations team members, and Business Owners of applications. Responsibilities will include:
- Perform risk-based, technical assessments of applications, using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. Jira), and meet with development teams as required.
- Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools. This includes their integration points with Jira, GRC, and quality assurance systems.
- Work with Management and Application Delivery to develop a formal Application Security Verification Standard.
- Perform quality web application security audits across IT to ensure that internal and industry standards, procedures, and methodologies are being followed.
- Consult with Application Delivery and Technical Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
- Assist with the creation of training materials to educate developers and other stakeholders about key security concepts using a variety of media.
- Keep up to date with industry changes by attending training; understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
- Enhance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments; and proactively addressing internal control concerns and best practices.
- Bachelor's Degree
- 3+ years of application security experience
- 3+ years of development experience
- In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management
- Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
- Web application development experience in .NET, C#, Java, Python
- Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
- Familiarity in application security scanning technologies (Veracode, AppScan, Fortify, WebInspect) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
- Ability to effectively work as part of a cohesive and agile team
- Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools
- Excellent problem-solving skills required
- Self-starter with the ability to work with minimal supervision
- Detail-oriented, control-oriented, and thorough
- Excellent communication skills (written, verbal) and the ability to work with both highly technical and non-technical individuals
- Certifications (e.g., GWAPT, CISSP, CCSP) are preferred