Job Description :
The Application Security Analyst will be responsible for:
Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders?and individual contributors.?Candidates must be able to approach application security from the perspective of risk?management and be able to give different security options based on risk appetite of business line owners.?Demonstrable ability to influence decision-making processes at all levels of a large organization?will be critical to success.
Candidates must have excellent verbal and written communication skills, including experience?speaking in public forums and writing/contributing to technical publications.
Candidates should be familiar with waterfall and agile development processes and have?experience integrating secure development practices into both models. The ideal candidate?has experience writing and testing web applications and web services in the following?programming languages:?C/C++, Java, and JavaScript.?The candidate should have familiarity with a variety of development and testing tools, including:? Eclipse,?GIT,?GCC,?JIRA,?Subversion,?Maven,?ClearQuest/Case,?Tenable Nessus, Silk,?FindBugs,?HP/Fortify?SCA,?IBM?AppScan,?OWASP ZAP and?HP?WebInspect.
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
Candidates must have experience planning annual and multi-year roadmaps.
Familiarity with industry standards and regulations including: NIST 800-53, IRS 1075, FedRAMP, PCI, FFIEC, SOX, and ISO27001 is desired.