Application Security Analyst in Lindon, UT at HUNTER Technical Resources

Date Posted: 10/25/2019

Job Description


Application Security Analyst

Responsibilities:
  • Manage and enforce application and cloud security policy and guidelines
  • Classify applications by business risk and application-specific threat models
  • Define control requirements and gates as per application risk profile
  • Perform application security assessments and own application security requirements for product development
  • Review vulnerability scan results and track closure of vulnerabilities
  • Produce and track security metrics
  • Mentor and educate product development and quality engineers on secure development
  • Monitor and review CVEs and industry developments, and provide inputs for continuous improvement
  • Provide inputs to enhance the enterprise architecture blueprint and SDLC to incorporate the latest developments and changes in the security landscape
  • Liaise with Information Security teams to design and implement security solutions across stacks and disciplines, and to prepare and execute incident response
  • Liaise with the compliance team on security requirements from a regulatory, PCI, and card brand perspective
  • Lead certification efforts for PCI Secure Software Life Cycle Standard
  • Participate and provide relevant inputs and evidence for internal and external security audits

 

Requirements:
  • A minimum of 5 years' experience in cyber security risk analysis and threat modelling
  • Experience working with DREAD and/or FAIR frameworks preferred
  • Knowledge of Software Security Assurance frameworks, preferably OWASP SAMM
  • Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
  • In-depth understanding of the OWASP Top 10 Critical Web Application Security Risks, their identification, and the architecture, design, and coding patterns to mitigate them
  • Experience with vulnerability results analysis and recommended corrective actions
  • Experience with SAST, DAST, software composition analysis, and binary fuzzing tools and techniques
  • Experience working with security of applications developed in C#, Java, and web (HTML, CSS, JS, React, REST) technologies
  • Experience creating and managing policy, process, and procedure documents
  • Working knowledge of network/infrastructure security technologies (firewall, IDS/IPS, WAF)
  • Strong analytical, interpersonal and communication skills
  • Ability to train and mentor agile development teams
  • Experience with Fortify On Demand, Burp Suite preferred
  • Knowledge of PCI standards preferred
  • Relevant industry security certification preferred