Application Security Analyst
Our client in Central New Jersey has a permanent opening for an Information Security Application Analyst.
The Application Security Analyst is responsible for identifying application vulnerabilities, assessing their risk, and working with developers, quality assurance analysts, project control officers, scrum masters, and others responsible for the software development lifecycle to remediate, mitigate, or accept the risk of these vulnerabilities. The Analyst will also be responsible for the implementation and maintenance of testing tools and improving our automated testing processes and reporting.
The Application Security Analyst position will closely interact with other Information Security team members, as well as Application Delivery and Technology Operations team members, and Business Owners of applications.
Responsibilities will include:
- Perform risk-based technical assessments of applications using both dynamic and static scanning tools; produce reports, open tickets in work-tracking systems, and meet with development teams as required.
- Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
- Work with Management and Application Delivery to develop a formal Application Security Verification Standard.
- Ensure quality web application security audits across IT so that internal and industry standards, procedures, and methodologies are followed.
- Consult with Application Delivery and Technical Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
- Assist with the creation of training materials to educate developers and other stakeholders about key security concepts using a variety of media.
- Keep up to date with industry changes by attending training, understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
- Enhance department and organization reputation by accepting ownership for accomplishing new and different requests, exploring opportunities to add value to job accomplishments, and proactively addressing internal control concerns and best practices.
Requirements will include:
- Bachelor's Degree
- 3+ years of application security experience
- 3+ years of development experience
- In-depth knowledge of web application vulnerabilities and exploitation techniques, the SDLC, and identity and access management
- Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
- Web application development experience in .NET, C#, Java, Python
- Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
- Familiarity with application security scanning technologies (Veracode, AppScan, Fortify, WebInspect), including static application security testing (SAST) and dynamic application security testing (DAST), as well as with single sign-on and encryption
- Ability to effectively work as part of a cohesive and agile team
- Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools
- Excellent analytical skills required
- Self-starter with the ability to work with minimal supervision
- Detail-oriented, control-oriented, and thorough
- Must possess excellent communication skills (written, verbal) and be able to work with both highly technical and non-technical individuals
- Certifications (e.g., GWAPT, CISSP, CCSP) are preferred