|Reference #||18-01788||Title||Application Security Analyst II/III|
|Position Type||Direct Placement|
|Experience Level||Direct Placement|
|Start Date / End Date||28-10-2018 --- 30-11--0001|
This position consults (level II) or leads (level III) the Security Architecture consultation with IT, Project Management, Product Management, Software Development and other peers on Proper Security Architecture and software development practices. They should have some knowledge of programming preferred.
This position consults with IT, Project Management, Product Management, Software Development and other peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and Early Warning Services policies and standards.
" Complete the Identification, measurement, control and minimization of security risks to information systems across a broad range of disciplines including application and host security.
" Evaluates the current methods in use by Early Warning to access and process data via Early Warning customer facing applications.
" Serves as the point of contact for all security issues in assigned areas.
" Works with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliance to the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.)
" Advises and approves of changes and architectures for assigned areas from a security perspective.
" Assist Security Architecture with the evaluation of product business cases including functional and detailed design specs to ensure security standards are met.
" Assists in the security incident response process as assigned.
" Contributes to the development of Early Warning security policy and procedures.
" Document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally) by assisting in documentation, tracking and creating solutions for mitigation.
" Work with internal and external penetration testing organizations to coordinate application and network based penetration
" Manages efforts with Software Development to perform static code analysis on all custom developed code.
" Support the company's commitment to protect the integrity and confidentiality of systems and data.
" Education and experience typically obtained through completion of a Bachelor's degree in Computer Science, Engineering, Math or Physical Science
" A minimum 2 years of application security experience and 2 years of Security Architecture or Consulting experience.
" Advanced knowledge of relational databases, Windows, and Linux operating systems.
" Effective interpersonal skills, with ability to present to peers and coworkers.
" Advanced knowledge of operating system, application, network, and database security architectures.
" Proficiency in AppSec and Web services security.
" Application development background.
" Delivered talks/presentations or published whitepapers
" CEH/CPT Certification and one of CISSP, CSSLP or equivalent certification.
" Exposure to the Agile SDLC process.
" Advanced experience in analyzing technical issues and making recommendations for corrective action.
" Demonstrate advanced understanding in the field of Information Security in terms of both concepts and technology.
" Ability to manage information security related efforts.
" Advanced understanding of vulnerability exploitation chaining.
" Background and drug screen
" MCSE, SCSA, CCNA or CISA certification
" Unix administration or hobbyist
" Additional related education and/or experience preferred
" Familiarity with Client Fortify
" Familiarity with application penetration testing tools:
o Proxies (Burp Suite Pro, Zed Attack Proxy)
o Scanners (Netsparker, AppScan, WebInspect)
o XML Tools (SOAP UI)
" Familiarity with BSIMM framework
" Additional related education and/or experience