Analyst, Application Security

About The Position

Requirements

• Software engineering experience in Java, C++, .NET and/or related languages.
• Expert at deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in large environments.
• Experience designing solutions to secure sensitive data and secrets by applying cryptography, proper access control, and utilizing hardware security modules (HSM).
• Familiar with blockchain, public/private key management, cryptocurrency, and/or experience securing enterprise implementations.
• University degree in Computer Science, Engineering, MIS, CIS, or related discipline.

Nice To Haves

• Specific Technologies: Checkmarx, WebInspect, BurpSuite, JFrog Xray, Python, Django, Java, C++, HTML5, .NET, iOS & Android, MySQL, Oracle DB, Cloudfare, Akamai.

Responsibilities

• Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
• Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
• Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
• Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, Web Application Firewall (WAF) and bug bounty programs.
• Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.