Application Security Analyst

  • Posted 19 days ago | Updated 13 days ago

Overview

Remote
Depends on Experience
Full Time
10% Travel

Skills

Checkmarx
JAVA
SOC 2
DAST
Python
communications skills
Security
React
Powershell

Job Details

Must be local to NY, NJ, PA, DE, or MA.

Job Summary:

The Application Security Analyst will be responsible for evaluating new and existing applications to ensure they are designed and deployed in compliance with Information Security standards and industry best practices. This includes performing security assessments, conducting risk analysis, reporting security findings, and recommending corrective actions for the relevant operational teams.

Essential Job Duties and Responsibilities:

Leverage proficiency in Application Security to:

  • Work with developers, architects, project leads/managers, business analysts, and others in determining security requirements for new or updated applications to ensure that these requirements are met as part of the software development lifecycle.
  • Work alongside IT partners and act as the subject matter expert for all information security questions, concerns, and guidance as they pertain to application security.
  • Develop, document and present training material on security-related topics and develop application security-related development standards and controls alongside other governance and architecture teams.
  • Assist with the administration and maintenance of industry-leading security tools in the Identity Governance and Administration (IGA) and Privileged Access Management (PAM) space, such as Saviynt.
  • Analyze results from dynamic & static code testing (DAST and SAST).
  • Act to integrate application/software security tools within existing development processes.
  • Assist with the planning and tracking of application penetration tests as they are performed by an approved third-party vendor.
  • Identify and help resolve false positive findings in security assessment results.
  • Generate reports on assessment findings and help guide and track remediation tasks.
  • Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness.
  • Stay up to date on new and emerging cybersecurity threats and attack vectors.

Other Job Duties and Responsibilities:

  • Perform other related duties as assigned.
  • Maintain regular and punctual attendance.

Supervisory Responsibilities:

This position is an individual contributor with no direct reports but may provide guidance, leadership, or training to others.

Qualifications:

  • Solid understanding of secure coding principles (OWASP Top 10, Application Security Verification Standard, for example)
  • Knowledge of industry standard controls and frameworks such as NIST, International Organization for Standardization (ISO), Center for Information Security (CIS), and System and Organization Controls 2 (SOC 2).
  • 2-4 years' experience with Application Security Tools like Sonatype, Burp Suite, Checkmarx, etc.
  • Familiarity with widely used application development tools & languages (e.g., Java, React, Python, PowerShell, SQL).
  • Strong analytical, critical thinking and problem-solving skills.
  • Excellent organization, written and oral communications skills.
  • Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business.

Education and/or Experience:

  • BS in Computer Science, Information Security, or a related field
  • 2-4 years of past experience in information security, especially in an analyst role
  • Experience with Saviynt or similar IGA applications.
  • Able to commute to Marlton, NJ or Conshohocken, PA once a month.

Certificates, Licenses, Registrations:
Industry Certifications such as CISSP, CISM, CISA, CEH/CSA, SSCP are considered a plus.