Application Security Analyst

IT & Security Yarmouth, Maine


Description

Tyler Technologies is seeking a highly motivated and skilled Application Security Analyst to join our dynamic team. As an Application Security Analyst, you will play a crucial role in administering security scanning tool environments, managing vulnerability assessments, and enhancing the overall security posture of our organization. As an Application Security Analyst, you will work in a fast-paced, results-driven environment with highly skilled and dedicated teams committed to transformational change.   

The individual will be expected to have an overall knowledge of industry security best practices, security frameworks, and security assessment tools. This includes working closely with development teams to provide feedback as it relates to application security scanning and improving the assessment processes. The successful candidate must be a collaborative team player with excellent communication skills and a strong customer experience focus.   

Responsibilities   

  • Execute project plans and maintain scope, schedule, and each party’s responsibilities.
  • Catalog and maintain a list of application products.
  • Work through reported enterprise-wide security vulnerabilities.
  • Conduct planning sessions with key development leaders to identify security gaps and findings.
  • Maintain a vulnerability tracking platform for all Tyler products.
  • Consult for development groups and recommend mitigation techniques for known and upcoming application and system vulnerabilities.
  • Assist divisions with implementing regular automated security testing as part of their software development life cycle.
  • Perform security scanning assessments on Tyler applications using automated tools.
  • Identify and recommend new techniques, capabilities, and tools for expanding the security scanning services.
  • Assist in the design, management, and improvement of security controls.
  • Help execute projects to increase our overall security posture.

Qualifications   

  • Bachelor’s degree in Cybersecurity, Systems Engineering, Computer Science, Information Systems Management, or similar.
  • Confirmed ability in Application Security, Cybersecurity, or web application frameworks.
  • Knowledge of programming languages such as Java, C#, Javascript, Python, etc preferred.
  • Understanding of DevOps and continuous integration/continuous delivery (CI/CD) pipelines and how to integrate security into the DevOps process.
  • Experience with OWASP top 10, SANS top 25, CVE, CVSS, CWE etc…
  • Understanding of attack vectors for both on-prem and cloud environments.
  • Self-motivated and capable of leading and completing assignments without supervision.
  • Ability to respond to changing priorities and operate effectively in a dynamic environment.
  • Strong interpersonal, verbal, and written communication skills.
  • Strong organizational skills and ability to handle a wide range of tasks and re-prioritize them on short notice.
  • Ability to work independently and collaboratively within a team or remote work setting.
  • Must be passionate about security and continuing education outside of work.
  • The ideal candidate will have advanced knowledge of:
    • Operating system, network, and application security vulnerabilities
    • Testing of OWASP Top Ten Vulnerabilities
    • Current security certifications
    • Using, configuring, installing, and tuning information security applications and appliances.
    • Security testing tools and frameworks (BurpSuite Pro, Kali Linux, SAST/DAST scanners, Sqlmap, Metasploit, nExpose, nmap, SOAPUI)
    • Validating exploits for discovered vulnerabilities
    • Public-sector software products and cloud environments