Applications Security Analyst

Parsippany NJ

The Application Security Analyst position will closely interact with other members of the Information Security Team, IT team members and Business owners of applications.

Essential Functions & Responsibilities

• Perform risk based, technical assessments of applications, using both dynamic and static scanning tools, produce reports, and meet with development teams as required.
• Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
• Develop a formal Application Security Verification Standard.
• Ensure quality web application security audits to ensure internal and industry standards, procedures, and methodologies are being followed.
• Consult with other IT teams as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
• Assist with the creation of training materials to educate developers and other stakeholders about key security concepts.
• Perform routine monitoring and audits of systems

• Lead the Application Risk Assessment program and conduct application risk assessments.
• Maintain and update policies and procedures for Application Risk Assessment program based on HITRUST Security Framework.
• Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
• Follow detailed operational procedures to appropriately analyze, escalate, and assist in remediation of information security incidents.
• Participate in investigations into problematic activity.
• Participate in the design and execution of security audits.
• Keep up-to-date with industry changes by attending training, understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations

Essential Qualifications

 Technical and Functional

• In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management
• Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC)
• Web application development experience in .NET, C#, Java, Python
• Experience reviewing code for vulnerabilities in .NET, Java, C#, Javascript/jQuery
• Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers
• Familiarity in application security scanning technologies (Veracode, AppScan, Fortify WebInspect) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
• Ability to effectively work as part of a cohesive and agile team
• Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools
• Excellent problem solving skills required
• Self-starter with the ability to work with minimal supervision
• Detailed, control oriented, and thorough
• Excellent communication skills (written, verbal) and be able to work with both highly technical and non-technical individuals

Other Skills

Knowledge or an understanding of Third-Party Risk Management

Experience, Education and Certifications Required

• 5-7 years of application security experience
• 3+ year of application development experience

Required Educational Level

• BS Degree in Computer Science or related field

   

  Other Certification

   

• At least one Security Certification - GWAPT, CISSP, CCSP

   

   

   

Posted On: Tuesday, December 8, 2020