Application Development Security Analyst
So what does an Application Development Security Analyst really do? Think of yourself as someone who will carry out design reviews, security testing, critical code reviews, and the remediation and mitigation of audit findings in adherence to standards and safe practices, so not just anyone is qualified for this role! We make sure we get the best of the best; after all, we are a ridiculously good company, so we make sure our employees are top notch. So come on, now we need your full concentration because it's time to imagine what it's like being an Application Development Security Analyst.
Imagine yourself going to work with one thing on your mind: you will work in support of the Information Security, Applications Development team, and business units in threat modeling on new and existing products and features to help guide security activities, suggesting preferred implementation patterns and identifying areas of security risk for scrutiny. As you tackle your new tasks for the day, you know that it will lead to one thing your department believes in: that you will review implementation code and perform tests on critical products and features, identify security flaws, and suggest remediations based on OWASP and other secure SDLC standards and frameworks.
As an Application Development Security Analyst, you will help architect solutions that are inherently secure (Designing, Threat Modeling, Prototyping). You will correctly balance security risk and product advancement. You will provide engineering designs for new software solutions to help mitigate security vulnerabilities. You will implement, test and operate advanced software security techniques in compliance with technical reference architecture. You will perform ongoing security testing, technical assessments and code review to improve software security. You will conduct research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts. You will assist in the development and maintenance of security operations procedures and processes, as well as work with the business units outside of InfoSec to formally document policies and procedures. You will recommend and support deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises. You will work with security engineers for the optimal configuration of network and host-based security platforms in line with compliance and product requirements. You will provide incident response support as needed in response to information security related events. In the event of security incident response, you will participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts. You will evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations. You will perform other duties as assigned.
So, do you have what it takes to become an Application Development Security Analyst?
- We need someone who has at least a bachelor's degree in MIS/Computer Science or Business and/or a combination of education and relevant experience.
- Someone with 8+ years of demonstrated application security experience. Someone with detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
- Strong demonstrated knowledge of web protocols and an in-depth knowledge of Linux/Unix/Windows tools and architecture.
- Someone who has demonstrated software development proficiency and comprehension of algorithms and processes for programmatic automation via scripting or programming languages (Python, Ruby, shell, Perl, etc.).
- Someone with a well-rounded background in host, network and application security.
- Someone who has an understanding of the system hardening processes, tools, guidelines and benchmarks.