Cybersecurity Application Security Analyst

Huntington National Bank

Remote

Job Description

Job Description Summary: The role "Cybersecurity Application Security Analyst Expert" analyzes the security of applications in tandem with their underlying services. Application security analysts scan applications for vulnerabilities, present the results to the application teams, and advise on resolutions before the vulnerabilities can be exploited. The analyst combines automated tools with manual testing to validate vulnerabilities and must have strong technical knowledge of the vulnerabilities found as well as how to remediate and defend against them. The Expert Analyst is also responsible for monitoring program effectiveness, creating effective strategies for future growth, and championing the program to leadership.

Job Responsibilities: Execute and support the domain operational procedures (communication, coordination and tracking) of Application Security Vulnerabilities. This includes but is not limited to running Application Security Scans (SAST, DAST, etc.). Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be done through the use of dynamic and static code analysis resources.

Participate in leading and defining Application Security practices for the firm, promoting security awareness, mentoring other team members, and staying up to date on security trends related to threats and vulnerabilities. Establish enterprise secure code training modules and other methods to ensure uniform secure coding practices by development teams.

Support Application Development teams with results from scans by reviewing findings with Application Teams and documenting and tracking security findings through remediation.

Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing. Use security standards and implementation configurations, as well as common security frameworks to improve the program.

Focus on application security that observes compliance – Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws.

Required Qualifications:

Application development experience in designing and implementing software systems, building mission-critical and highly reliable software (7+ years experience)

Application development background in Java/.Net or similar with excellent understanding in mitigating OWASP Top 10 attacks on web applications/services, cryptography, key management, PKI, TLS/SSL, DDoS mitigation, authentication, authorization, and/or general web application security (7+ years experience)

Strong understanding of secure/rugged engineering concepts such as secure coding practices and secure code reviews used to identify, mitigate, and prevent threat vectors (5+ years experience)

Strong understanding of vulnerability management lifecycle and process (5+ years experience)

Strong understanding of security architecture and tools which can be leveraged for Application Security mitigation (3+ years)

Strong experience with Security Assessment Toolsets

Strong experience in automation and scripting of applications and systems

Strong knowledge of relational databases and structured query language

Strong knowledge of client/server relationships and multi-tier environments

Ability to communicate effectively, clearly and concisely to drive change

Ability to communicate effectively, clearly and concisely, verbally and through technical writing

Associate Degree