IT Applications Security Analyst

Information Technology Bala Cynwyd, Pennsylvania Remote (Home Office), United States


Description

Overview:

This position is part of our Information Security Team and will be responsible for a variety of responsibilities including system and application risk assessments. This is a mid level role under moderate supervision, which will work with a variety of functions within the department. This position will include responsibilities for penetration testing and application security.  

Primary Responsibilities

  • Perform technology risk assessment activities and audits of systems, applications, infrastructure and operational processes.
  • Be an active member in hunting for information security vulnerabilities with Applications and Infrastructure
  • Work with Application Development teams to integrate information security with development pipelines
  • Building of application and data security guardrails with cloud-based working environments like Microsoft’s Azure
  • Implement, validate, and monitor in-line source code security scanning tools within development processes pre-production deployments
  • Analyze Internet Attack Surface by utilizing pre-and-postproduction Qualys Application Security scan results and work with Application Development Leaders and Developers to change and update the source code and applications
  • Ensure the security of internal and external applications to prevent hackers or malicious systems from attempting to disrupt the integrity of IT applications
  • Calibrate business systems to adhere to best practice security hardening configuration baselines
  • Monitor threat intelligence feeds and translate into operational indicators and defenses

Additional Responsibilities and Required Experience

  • At least 3 years of application development and 4 years of security experience
  • Experience with cyber threat research and analysis
  • Experience with vulnerability scanning tools.
  • Knowledge of information security policy, standards and industry best practices
  • Assist with information security incident response activities.
  • Assist Application Development with leveraging centralized Identity Management systems
  • Daily administrative tasks, reporting and communication with relevant departments
  • Act as first-line triage for security incidents that are raised from Managed Security Services Provider
  • Have knowledge and experience working with external penetration testing
  • Background in IT Infrastructure a must to understand a modern company’s attack surface
  • Azure working environment skills and understanding of secure deployment of such environments
  • Application Development experience strongly preferred
  • Security and/or privacy certifications a plus
  • Understanding of TCP/IP stack