Senior Application Security Analyst

Amazon Web Service, Application Security, Azure, DAST, DevOps, Linux, SAST, SANS, Security Operations
Contract W2, Contract Independent, 12 Months
Depends on Experience
Work from home available

Job Description

Fantastic opportunity for a Senior Application Security Analyst!

Our Chicago-based client is seeking a Senior Application Security Analyst who will work closely with Application Development, Quality Assurance, Technical Services and business teams to ensure our solutions are highly secure. You will leverage your advanced application security knowledge when leading security review sessions, participating in design sessions, defining functional requirements, and developing testing scenarios. You will ensure that risks are identified, and partner with the Application Development teams to ensure mitigation plans are developed and executed. You will embrace and recommend secure development practices to reduce design flaws which could lead to exploitation.

Please submit your resume with the link to your LinkedIn Profile.

Responsibilities:

• Responsible for application security standards, assessments and code review as part of the software development lifecycle

• Collaborate with teams to perform internal and 3rd-party vulnerability and penetration testing

• Coordinate with QA testers and developers to conduct repetitive validation testing throughout the development lifecycle

• Leverage technical application testing capabilities to qualify findings and provide more specific remediation recommendations for resolution while reducing false positives

• Focus on automation to aid in efficiencies with testing and remediation of security findings

• Leverage the security community to understand any public-facing security issues and remediations, as well as to learn new tactics that can be used in testing

• Participate in application efforts and change management processes to understand upcoming activities and provide thought leadership to ensure security processes are in place

• Drive security awareness and evaluation earlier in the development lifecycle

• Develop and leverage a technical security review process to ensure automated and repeatable processes are managed

• Utilize security standards and implementation configurations, and common security frameworks

• Align with architects and development teams for a mission of secure design

• Actively participate and lead security team meetings that facilitate secure design

• Address service and escalation tickets within SLA expectations

• Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted

• Work with Infrastructure and Cybersecurity teams to conduct performance testing to understand potential impacts on business innovation and day-to-day processes

• Obtain and review all required artifacts as part of go/no go analyses at security checkpoint phases in the development cycle

• Leverage secure coding standards that are based on industry-accepted best practices, such as OWASP Guide and SANS - CIS Critical Security Controls

• Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software

• Assist with periodic security risk assessments, IT security audits, and management reporting

• Educate, assess, design, implement, automate, and document security solutions and processes for Amazon Web Service (AWS), Microsoft Azure, and other SaaS applications and cloud platforms

• Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status

• Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders

Qualifications:

REQUIRED QUALIFICATIONS

• BA/BS in Cybersecurity, Information Technology, computer science, or related field, or professional experience related to application design, development, and cloud architecture

• Minimum 7 years’ experience with most or all of the following: Cybersecurity, Security Operations, Application Security, Q/A testing, commonly used programming tools, workflows, and concepts

• DAST/SAST/IAST solution evaluation, selection, implementation, operational use

• Microsoft Azure and Dynamics 365 roles, permissions definition and provisioning

• Microsoft Office 365 Suite, including Word, Excel, PowerPoint, Visio, Outlook, Teams

• Experience with Agile and DevOps development principles and processes

• Understanding of all phases of product, software, and testing lifecycles

• Clear and concise verbal and written communication skills

• Excellent presentation skills

• Ability to flow smoothly between strategic planning and tactical execution

• .NET development or support experience highly preferred

PREFERRED QUALIFICATIONS

• 3+ years of experience in healthcare, finance or benefits administration

• Proficiency with a wide range of security tools such as Kali Linux, Microsoft Threat Modeling tools, Metasploit, Whitesource, other IAST/SAST/DAST tools

• Hands-on experience with Azure DevOps, GitLab or other DevOps management solutions

• Knowledgeable in SDLC, Agile and/or Waterfall methodologies

• Knowledge of threat modeling and countermeasures

• Experience with conducting Security Code Reviews

• General knowledge of databases, applications, system interfaces, and operating systems

• Understanding of relational databases, structures and design

• Moderate SQL knowledge

• JAVA development or support experience

• Experience with forensics and vulnerability management systems

• Industry education and/or certifications are preferred

OTHER VALUED SKILLS

• Ability to read and understand code, and ability to script

• Familiarity with Web Application Firewalls

• Ability to work independently and in a team-oriented, collaborative environment

• Must be able to learn, understand and apply new technologies

• Knowledge of application development security best practices as they relate to policies and procedures, configuration, and implementation

• Knowledge of cloud environments including security, configuration, and management

Peterson Technology Partners (PTP) is an Equal Opportunity Employer that is committed to diversity and inclusion in the workforce.

About the Company:

Peterson Technology Partners (PTP) has been Chicago's premier Information Technology (IT) staffing, consulting, and recruiting firm for 23+ years. Named after Chicago's historic Peterson Avenue, PTP has built its reputation by developing lasting relationships, leading digital transformation, and inspiring technical innovation throughout Chicagoland.

Based in Park Ridge, IL, PTP's 250+ employees have a narrow focus on a single market (Chicago) and expertise in 4 innovative technical areas:

  • Cybersecurity
  • Artificial Intelligence
  • Data Science
  • Cloud & DevOps

PTP exists to ensure that all of our partners (clients and candidates alike) make the best hiring and career decisions.

Dice Id : 10123255
Position Id : 103729
Originally Posted : 3 months ago