Application Security Analyst

  • Posted 11 days ago | Updated 11 days ago

Overview

Remote
$85,000 - $100,000
Full Time
10% Travel

Skills

Checkmarx
SOC 2
Sonatype
Nexus
BurpSuite
OWASP
NIST
ISO
JAVA
Powershell
Python
IGA application
Governance
Security

Job Details

Direct Hire
Remote with monthly travel to client location in Conshohocken, PA or Marlton, NJ; must be commutable to one or the other location, no exceptions
Must be eligible for hire without sponsorship
No 3rd party consultants

Overview:

Our client, a Mortgage Servicing Company is seeking a remote Application Security Analyst to join their growing team. This is a DIRECT HIRE opportunity. Candidates must be commutable to Marlton NJ or Conshohocken PA for occasional onsite travel.

Summary:
The Application Security Analyst will be responsible for evaluating new and existing internal applications to ensure they are designed and deployed in compliance with Information Security standards and industry best practices. This includes performing security assessments, conducting risk analysis, reporting security findings, and recommending corrective actions for the relevant operational teams.
Job Requirements:

  • Work with developers, architects, project leads/managers, business analysts, and others in determining security requirements for new or updated applications to ensure that these requirements are met as part of the software development lifecycle.
  • Work alongside IT partners and act as the subject matter expert for all information security questions, concerns, and guidance as they pertain to application security.
  • Develop, document and present training material on security-related topics and develop application security-related development standards and controls alongside other governance and architecture teams.
  • Assist with the administration and maintenance of industry-leading security tools in the Identity Governance and Administration (IGA) and Privileged Access Management (PAM) space, such as Saviynt.
  • Analyze results from dynamic & static code testing (DAST and SAST).
  • Act to integrate application/software security tools within existing development processes.
  • Assist with the planning and tracking of application penetration tests as they are performed by an approved third-party vendor.
  • Identify and help resolve false positive findings in security assessment results.
  • Generate reports on assessment findings and help guide and track remediation tasks.
  • Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness.
  • Stay up to date on new and emerging cybersecurity threats and attack vectors.
  • This position is an individual contributor with no direct reports but may provide guidance, leadership, or training to others.
  • Maintain regular and punctual attendance.
  • Perform other related duties as assigned.

Qualifications:

  • Solid understanding of secure coding principles (for example, the OWASP Top 10 and the Application Security Verification Standard).
  • Knowledge of industry standard controls and frameworks such as NIST, International Organization for Standardization (ISO), Center for Information Security (CIS), and System and Organization Controls 2 (SOC 2).
  • 2-4 years' experience with application security tools such as Sonatype, BurpSuite, Checkmarx, etc.
  • Familiarity with widely used application development tools and languages (e.g., Java, React, Python, PowerShell, SQL).
  • Strong analytical, critical thinking and problem-solving skills.
  • Excellent organizational, written, and oral communication skills.
  • Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
  • BS in Computer Science, Information Security, or a related field.
  • 2-4 years of past experience in information security, especially in an analyst role.
  • Experience with Saviynt or similar IGA applications.
  • Able to commute to Marlton, NJ or Conshohocken, PA once a month.
  • Industry Certifications such as CISSP, CISM, CISA, CEH/CSA, SSCP are considered a plus.