Applications Security Analyst
The Pegasus Agency
- Parsippany, NJ
The Application Security Analyst position will closely interact with other members of the Information Security Team, IT team members and Business owners of applications.
Essential Functions & Responsibilities
- Perform risk-based technical assessments of applications using both dynamic and static scanning tools, produce reports, and meet with development teams as required.
- Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
- Develop a formal Application Security Verification Standard.
- Ensure quality web application security audits so that internal and industry standards, procedures, and methodologies are followed.
- Consult with other IT teams as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
- Assist with the creation of training materials to educate developers and other stakeholders about key security concepts.
- Perform routine monitoring and audits of systems.
- Lead the Application Risk Assessment program and conduct application risk assessments.
- Maintain and update policies and procedures for Application Risk Assessment program based on HITRUST Security Framework.
- Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Follow detailed operational procedures to appropriately analyze, escalate, and assist in remediation of information security incidents.
- Participate in investigations into problematic activity.
- Participate in the design and execution of security audits.
- Keep up to date with industry changes by attending training; understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
Technical and Functional
- In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management
- Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
- Web application development experience in .NET, C#, Java, Python
- Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
- Familiarity with application security scanning technologies (Veracode, AppScan, Fortify WebInspect) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
- Ability to effectively work as part of a cohesive and agile team
- Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools
- Excellent problem-solving skills required
- Self-starter with the ability to work with minimal supervision
- Detailed, control-oriented, and thorough
- Excellent communication skills (written, verbal) and the ability to work with both highly technical and non-technical individuals
- Knowledge or an understanding of Third-Party Risk Management
Experience, Education and Certifications Required
Tuesday, December 8, 2020