The Application Security Analyst will be responsible for analyzing software code repositories, code designs, processes, and implementation from a security perspective, and work with software development and infrastructure teams to identify and resolve security issues.
Work on and secure internal and external products with a security focus. Work closely with peers in a cross-functional team to solve problems, evolve standards and procedures, and improve the corporate product and application security posture.
This is an evolving area and a primary focus of this role will execute and maintain a security review program.
Develop, operate and maintain processes and tools to identify, analyze, and remediate vulnerabilities and configurations that could negatively impact business, clients, and information.
Work with software engineers to build secure architectures and patterns that can be implemented with minimal disruption.
Partner with Product, Engineering, QA, and Infrastructure teams to ensure security is part of the design process and proactively built into the clients products.
Analyze security concerns and follow through with issues until resolution.
Work alongside other team members supporting the business by identifying and removing risks, threats, and anomalies in the environment.
Performs static / dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
Strong oral and written communication skills; ability to present findings and recommendations to leadership while diving deep into code with developers."