Application Security Analyst

Job description:

Key Accountabilities:

• Conducting vulnerability assessments and penetration testing in cloud and on-prem environments against applications (web, mobile, APIs and desktops).

• Analyzing vulnerabilities and delivering clear and coherent written reporting, identifying risks, and providing mitigation recommendations

• Design and implement security automation as part of the continuous integration (CI) and continuous delivery (CD) pipeline of key Business teams in order to proactively uncover security vulnerabilities in a shift-left approach

• Design and Implement secure architecture to protect the confidentiality, integrity, and availability of the CI and CD pipelines of key Business teams

• Work effectively with various stakeholders from development, quality assurance (QA), program management, and security teams

• Work with various stakeholders and business teams to provide security automation tools maintenance training

• Build internal knowledge, processes, KPIs, and tools

• Create artifacts for various stakeholders and customers

Key Competencies:

• 5+ cyber security expertise

• Minimum 3+ years experience in application security (preferably with DevSecOps Implementation)

• Understanding of DevSecOps / CI/CD Integration and Agile Security testing methodology

• Good understanding of secure software development lifecycle processes across technologies

• Strong knowledge on methodologies like OWASP , SANS etc.

• Ability to conduct vulnerability assessment and penetration testing using popular tools Fortify, Veracode, Rational AppScan, BurpSuite, etc.

• Understanding of DevSecOps / CI/CD Integration and Agile Security testing methodology

• Security Certifications preferred – CEH, OSWE, CSSLP, GWAPT

• Experience of at least one cloud platform (Azure, GCP).

• Experience in at least one scripting language (Bash, Python, Ruby etc)

• Experience containerization and Kubernetes

• Experience of automating and templating security processes and documentation for compliance purposes.

• Experience of at least one Infrastructure as Code solution (Terraform, SCALR, Ansible, Chef etc)

Successful candidates must be fully vaccinated against infection by COVID-19. Candidates who are unable to be vaccinated due to a personal characteristic protected under applicable human rights legislation may request to be exempt from this requirement. We will do our best to accommodate those who are unable to be vaccinated.

Job 59918