Full-time
Information Security Analyst - App & Web Security



    Roles & Responsibilities
  • Inspect and assess current solutions on Application Security risks.
  • Identify security flaws in application code and web configurations, suggest and oversee remediation.
  • Create effective SIEM rules and other tools’ alerts to notify staff of application and web threats and correlate across environments.
  • Lead the vulnerability practice of scanning static and dynamic code across technology stacks and languages.
  • Validate risks and vulnerabilities and rate criticality and urgency.
  • Conduct penetration tests on code and web environments after every significant modification.
  • Ensure security controls are in compliance with applicable laws, regulations and policies to minimize risk and audit findings.
  • Architect/design security controls and analysis processes.
  • Train others on the team in application security concepts and educate developers on risk based coding including the OWASP best practices.
  • Identify areas where IT processes need to be established or improved.
  • Participate in on call rotation across the Information Security group.

 

    Required Skills
  • Authorization to work in the United States without sponsorship.
  • Experience analyzing risk in accordance with regulations including PCI, HIPAA, and Sarbanes-Oxley.
  • Experience creating processes, procedures and solutions that reduce technical risk and increase operational efficiency.
  • Knowledge of web architectures (WebSphere, Apache, IIS/IHS, CDN, NFS mounts, ESB, Jenkins) and application languages (.NET, Groovy, Java, PHP, BASH, Python, AJAX, Ruby on Rails, REST, XML, SOA, HTML, XML, COBOL), and code repositories (GIT, CVS, etc.).
  • Understanding of security threats and solutions for applications.
  • Ability to work independently and in teams, while meeting multiple deadlines.
  • Strong interpersonal and communication skills with proven decision making skills.
  • Desire to troubleshoot and lead investigations.
  • History of and commitment to ethical behavior and ethical full disclosure.
  • Background in several of the following areas: cyber security, intrusion detection/prevention, OS architecture, malicious network traffic identification, malicious code detection/prevention, security auditing, security architecture, security awareness education, databases, identity management, PKI, encryption methods/standards, event correlation, authentication services, advanced incident handling and forensics best.
Expired, click here to search for relevant jobs

Around the Network