Reporting to the Senior Information Security Architect, the Application Security Analyst is responsible for identifying application vulnerabilities, assessing their risk, and working with developers, quality assurance analysts, project control officers, scrum masters, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities. The Analyst will also be responsible for the implementation and maintenance of testing tools and improving our automated testing processes and reporting.
The Application Security Analyst position will closely interact with other Information Security team members, as well as Application Delivery and Technology Operations team members, and Business Owners of applications. Responsibilities will include:
* Perform risk-based technical assessments of applications using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. Jira), and meet with development teams as required.
* Implement, operate, and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools. This includes their integration points with Jira, GRC, and quality assurance systems.
* Work with Management and Application Delivery to develop a formal Application Security Verification Standard.
* Ensure quality web application security audits across IT to ensure internal and industry standards, procedures, and methodologies are being followed.
* Consult with Application Delivery and Technical Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
* Assist with the creation of training materials to educate developers and other stakeholders about key security concepts using a variety of media.
* Keep up to date with industry changes by attending training; understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
* Enhance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments; and proactively addressing internal control concerns and best practices.
Bessemer is committed to creating a diverse and inclusive environment, and is proud to be an equal opportunity employer. We encourage candidates of diverse backgrounds to apply.