SENIOR APPLICATION SECURITY ANALYST

Project description The Application Security Analyst 3 will understand how to identify, exploit, and remediate complex application vulnerabilities through use of tools and code review.
They will do this by using penetration testing skills, tools, and methodology to test new applications and services.
They will enforce secure development standards and requirements and will specifically act as an escalation point for any non-compliance that could not be resolved at the Analyst 1 or 2 levels.
They will hold application security development projects and discussions as needed and will utilize SAST/DAST and other products to identify and document security vulnerabilities.
They will perform research on new security trends, tools, and techniques to improve existing processes and will prioritize, track assign, and drive the remediation of security issues.
They will act in a leadership capacity when required to Interface with development teams to provide guidance and feedback on identified vulnerabilities.
They will also help new team members acclimate to job role and responsibilities and will act as an escalation for any issues not resolved by Application Security Analysts 2.
Responsibilities tPartner with the company's Product, Software Engineering, DevOps, and IT teams.
tPerform application security risk assessments, automate security testing, and guide development teams on secure coding practices.
tDeliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CI/CD pipelines.
tDevelop functional and non-functional security requirements, including delivering secure applications and services, that strike a balance of product usability.
tFoster and enable a secure by default culture.
SKILLS Must have tMinimum of 3 years of experience in software development and implementing security into SDLC processes.
tAdditional minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration.
tComprehensive knowledge, experience, & understanding of testing for the OWASP Top 10 or CWE Top 25, including secure code remediation.
tExcellent interpersonal communication skills.
Can explain very technical topics to all audiences and break down vulnerabilities to both developers and leadership.
tPersonal passion for security and cutting edge security concepts.
nRequired Skills.
tStrong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
tExperience with evaluating, deploying, and managing application security tools (e.
.
DAST, SAST, IAST, SCA).
tAbility to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks.
Nice to have - Insurance domain •tPartner with the company's Product, Software Engineering, DevOps, and IT teams.
•tPerform application security risk assessments, automate security testing, and guide development teams on secure coding practices.
•tDeliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CI/CD pipelines.
•tDevelop functional and non-functional security requirements, including delivering secure applications and services, that strike a balance of product usability.
•tFoster and enable a secure by default culture.
•tMinimum of 3 years of experience in software development and implementing security into SDLC processes.
•tAdditional minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration.
•tComprehensive knowledge, experience, & understanding of testing for the OWASP Top 10 or CWE Top 25, including secure code remediation.
•tExcellent interpersonal communication skills.
Can explain very technical topics to all audiences and break down vulnerabilities to both developers and leadership.
•tPersonal passion for security and cutting edge security concepts.
nRequired Skills.
•tStrong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
•tExperience with evaluating, deploying, and managing application security tools (e.
.
DAST, SAST, IAST, SCA).
•tAbility to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks.