100% Remote Job Opening for IT Sr. Application Security Analyst || Fulltime

Overview

Remote
Hybrid
$DOE
Full Time

Skills

application
Support

Job Details

Position: IT Sr. Application Security Analyst

Location: Remote

Duration: Fulltime

Interview: Phone and Skype

Job Description:

IT Application Security Analysis

Responsible for daily research of new threats, attacks, and risks to infrastructure and software.

Identify, collect, and organize credible, new intelligence and subject matter relative to current and emerging threats using all the tools, applications and open-source information.

Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance.

Implement choices through a security lens for the entire development lifecycle, including design, coding & development, QA & security testing, and release.

Work collaboratively with the cloud operations team to develop key patterns and templates to implement secure guardrails.

Secure the design, architecture, and implementation of new applications. This includes secure software development lifecycle (SDLC) practices which incorporate threat modeling and security testing.

Application Security Protocols & Practice

Define, document, and publish application security standards in a practical and consumable format for developers. Ensure compliance with applicable security controls when writing such standards.

Organize training to improve employees' knowledge and skills for future organizational growth as it relates to application architecture principles and standards.

Lead vendor resources to accomplish the adoption and implementation of DevSecOps principles, training, and secure coding.

Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations and best practices.

Security Controls & Architecture

Research, design and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.

Contribute to the development and maintenance of information security strategy and architecture.

Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks.

Communicate security risks and solutions to business partners and IT staff as needed.

Keep current with security industry best practices and apply them per the IT strategy and roadmap to prevent incidents. Implement effective integration and adoption of best practices and the latest methods and techniques for identifying design flaws and software issues.

Design, lead, and project manage the development and configuration of security tools and automation based on use cases.

Participate in or lead the creation or update of detailed operational processes and procedures related to Security Incident Management & Code development.

Communicate and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise.

Address questions from internal and external audits and examinations. This includes providing requested compliance reporting.

May include other responsibilities as assigned

REQUIREMENTS:

5+ years of related and progressive IT and Security experience.

Demonstrated progression toward security certifications CISSP, CISM.

Exposure to enterprise web application programming and Application Security (AppSec).

Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAuth).

Knowledge of technical infrastructure, end points, networks, databases, and systems in relation to IT Security and IT Risk.

Ability to work independently, follow up on project deliverables, and go above and beyond the task at hand.

Excellent analytical, organizational and communication skills. Demonstrated ability to facilitate cross-functional teams. Ability to effectively prioritize and execute tasks in a complex environment.

Experience in continuous improvements and agile methodology.

Strong communication, presentation, analytical and problem-solving skills.

Excellent written and verbal communication skills.

BS degree in Cyber Security or related area preferred.

AMA's safety and policy protocols require proof of full vaccination against COVID-19 for employment at AMA (including booster when eligible). Employees may apply for a religious or medical exemption from getting the vaccine.

Additional Technical Background

Familiarity with Static Application Security Testing (SAST) tools (such as SonarQube)

Familiarity with Dynamic Application Security Testing (DAST) tools (such as Snyk or Rapid7)

Familiarity with Web Application Firewall(s) (WAF)

Familiarity with security standards, principles, techniques, and frameworks (NIST, PCI, HIPAA, etc.)

Familiarity with Database and SQL

Proficiency in Microsoft Office tools (Excel, PowerPoint) and other tools such as Jira, Confluence, ServiceNow and SharePoint.

Ravi Kumar

Lead Recruiter | PRIDEVETERANS Consulting LLC |

Phone: /

Corp. Office: 15 Union Avenue, office # 6, Rutherford, New Jersey 07070