CF46 - Application Security Analyst

Posted: 01/12/2021

Industry: Security

Job Number: 33672

Job Description

Application Security Analyst



Location: Chicago, IL

Duration: Permanent


Position Description

As a Senior Application Security Analyst, you will work closely with Application Development, Quality Assurance, Technical Services and business teams to ensure our solutions are highly secure. You will leverage your advanced application security knowledge when leading security review sessions, participating in design sessions, defining functional requirements, and developing testing scenarios. You will ensure that risks are identified, and partner with the Application Development teams to ensure mitigation plans are developed and executed. You will embrace and recommend secure development practices to reduce design flaws which could lead to exploitation.


Additionally, as a member of the Cybersecurity team you will collaborate with team members on broader information security program maturity efforts, strategic thinking, and other security-related initiatives.


Duties and Responsibilities
  • Responsible for application security standards, assessments and code review as part of the software development lifecycle
  • Perform vulnerability and penetration testing
  • Document security findings with reasonable methods to remediate
  • Focus on automation to aid in efficiencies with testing and remediation of security findings
  • Work with QA testers and developers to conduct repetitive validation testing prior to release to production
  • Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing
  • Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place
  • Drive security awareness and evaluation earlier in the development lifecycle
  • Develop and leverage a technical security review process to ensure automated and repeatable processes are managed
  • Utilize security standards and implementation configurations, and common security frameworks
  • Align with architects and development teams for a mission of secure design
  • Actively participate in and lead security team meetings that facilitate secure design
  • Address service and escalation tickets within SLA expectations
  • Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted
  • Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes
  • Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle
  • Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls
  • Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
  • Assist with periodic security risk assessments, IT security audits, and management reporting
  • Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Services (AWS), Microsoft Azure, and other SaaS applications and cloud platforms
  • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
  • Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders


Required Qualifications
  • BA/BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture
  • Minimum 7 years’ experience with most or all of the following: Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts
  • DAST/SAST/IAST solution evaluation, selection, implementation, operational use
  • Microsoft Azure and Dynamics 365 roles, permissions definition and provisioning
  • Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams
  • Experience with Agile and DevOps development principles and processes
  • Understanding of all phases of product, software, and testing lifecycles
  • Clear and concise verbal and written communication skills
  • Excellent presentation skills
  • Ability to flow smoothly between strategic planning and tactical execution


Preferred Qualifications
  • 3+ years of experience in healthcare, finance or benefits administration
  • Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools
  • Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions
  • Knowledgeable in SDLC, Agile and/or Waterfall methodologies
  • Knowledge of threat modeling and countermeasures
  • Experience with conducting Security Code Reviews
  • General knowledge of databases, applications, system interfaces, and operating systems
  • Understanding of relational databases, structures and design
  • Moderate SQL knowledge
  • .NET development or support experience
  • Java development or support experience
  • Experience with forensics and vulnerability management systems
  • Industry education and/or certifications are preferred


Additional Valued Skills
  • Ability to read and understand code, and ability to script
  • Familiarity with Web Application Firewalls
  • Ability to work independently and in a team-oriented, collaborative environment
  • Must be able to learn, understand and apply new technologies
  • Knowledge of application development security best practices as they relate to policies and procedures, configuration, and implementation
  • Knowledge of cloud environments including security, configuration, and management

Meet Your Recruiter

Courtney Jones
