CF59- SENIOR APPLICATION SECURITY ANALYST

Chicago, IL 60606

Posted: 06/03/2022 Industry: Security Job Number: 38164

Job Description


Senior Application Security Analyst

#CF59

 

Location: CHICAGO, IL

Duration: PERMANENT

 

 

Job Responsibilities:

As a Senior Application Security Analyst, you will:
  • Work closely with Application Development, Quality Assurance, Technical Services and business teams to ensure our solutions are highly secure
  • Leverage your advanced application security knowledge when leading security review sessions, participating in design sessions, defining functional requirements, and developing testing scenarios
  • Ensure that risks are identified
  • Partner with the Application Development teams to ensure mitigation plans are developed and executed
  • Embrace and recommend secure development practices to reduce design flaws which could lead to exploitation
  • Collaborate with team members on broader information security program maturity efforts, strategic thinking, and other security-related initiatives

 

JOB RESPONSIBILITIES:
  • Responsible for application security standards, assessments and code review as part of the software development lifecycle
  • Collaborate with teams to perform internal and 3rd-party vulnerability and penetration testing
  • Coordinate with QA testers and developers to conduct repetitive validation testing throughout the development lifecycle
  • Leverage technical application testing capabilities to qualify findings and provide more specific remediation recommendations for resolution while reducing false positives
  • Focus on automation to aid in efficiencies with testing and remediation of security findings
  • Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing
  • Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place
  • Drive security awareness and evaluation earlier in the development lifecycle
  • Develop and leverage a technical security review process to ensure an automated and repeatable processes are managed
  • Utilize security standards and implementation configurations, and common security frameworks
  • Align with architects and development teams for a mission of secure design
  • Actively participate and lead security team meetings that facilitate secure design
  • Address service and escalation tickets within SLA expectations
  • Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted
  • Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes
  • Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle
  • Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls
  • Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
  • Assist with periodic security risk assessments, IT security audits, and management reporting
  • Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Service (AWS), Microsoft Azure, and other SaaS applications and cloud platforms
  • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
  • Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders

 

REQUIRED QUALIFICATIONS
  • BA / BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture
  • Minimum 7 years’ experience with most or all the following - Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts
  • DAST / SAST / IAST solution evaluation, selection, implementation, operational use
  • Microsoft Azure and Dynamics 365 roles, permissions definition and provisioning
  • Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams
  • Experience with Agile and DevOps development principles and processes
  • Understanding of all phases of product, software, and testing lifecycles
  • Clear and concise verbal and written communication skills
  • Excellent presentation skills
  • Ability to flow smoothly between strategic planning and tactical execution
  • .NET development or support experience highly preferred

 

PREFERRED QUALIFICATIONS
  • 3+ years of experience in healthcare, finance or benefits administration
  • Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools
  • Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions
  • Knowledgeable in SDLC, Agile and/or Waterfall methodologies
  • Knowledge of threat modeling and countermeasures
  • Experience with conducting Security Code Reviews
  • General knowledge of databases, applications, system interfaces, and operating systems
  • Understanding of relational databases, structures and design
  • Moderate SQL knowledge
  • JAVA development or support experience
  • Experience with forensics and vulnerability management systems
  • Industry education and/or certifications are preferred

 

OTHER VALUED SKILLS
  • Ability to read and understand code, and ability to script
  • Familiarity with Web Application Firewalls
  • Ability to work independently and in a team-oriented, collaborative environment
  • Must be able to learn, understand and apply new technologies
  • Knowledge of application development security best practices as they relate to policies and procedures, configuration, and implementation
  • Knowledge of cloud environments including security, configuration, and management

 

 

 

 

 

 

Job Requirements

ARRAY(0x7f2178cbcdc8)

Meet Your Recruiter

Michele Gregerson

Apply Online

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.