IT Applications Security Analyst
This position is part of our Information Security Team and will be responsible for a variety of responsibilities including system and application risk assessments. This is a mid level role under moderate supervision, which will work with a variety of functions within the department. This position will include responsibilities for penetration testing and application security.
- Perform technology risk assessment activities and audits of systems, applications, infrastructure and operational processes.
- Be an active member in hunting for information security vulnerabilities with Applications and Infrastructure
- Work with Application Development teams to integrate information security with development pipelines
- Building of application and data security guardrails with cloud-based working environments like Microsoft’s Azure
- Implement, validate, and monitor in-line source code security scanning tools within development processes pre-production deployments
- Analyze Internet Attack Surface by utilizing pre-and-postproduction Qualys Application Security scan results and work with Application Development Leaders and Developers to change and update the source code and applications
- Ensure the security of internal and external applications to prevent hackers or malicious systems from attempting to disrupt the integrity of IT applications
- Calibrate business systems to adhere to best practice security hardening configuration baselines
- Monitor threat intelligence feeds and translate into operational indicators and defenses
Additional Responsibilities and Required Experience
- At least 3 years of application development and 4 years of security experience
- Experience with cyber threat research and analysis
- Experience with vulnerability scanning tools.
- Knowledge of information security policy, standards and industry best practices
- Assist with information security incident response activities.
- Assist Application Development with leveraging centralized Identity Management systems
- Daily administrative tasks, reporting and communication with relevant departments
- Act as first-line triage for security incidents that are raised from Managed Security Services Provider
- Have knowledge and experience working with external penetration testing
- Background in IT Infrastructure a must to understand a modern company’s attack surface
- Azure working environment skills and understanding of secure deployment of such environments
- Application Development experience strongly preferred
- Security and/or privacy certifications a plus
- Understanding of TCP/IP stack