Senior Security Analyst - AppSec

About The Position

Requirements

• Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience
• At least 4 years work experience in information technology, cyber security, or information security

Nice To Haves

• Experience with .Net, C#, Javascript, Angular and related languages
• Familiarity with AzureDevOPs (ADO), Package Management, SBOM, TFS and / or VSTS
• Familiarity with major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)
• General knowledge of Application Security frameworks such as BSIMM, OWASP SAMM / ASVS, NIST, etc
• Experience with Thick Clients, Web Apps, Cloud Solutions, SPA, Web Services, MVC, APIs, etc
• Familiar with Azure DevOps Pipelines for automated build, test and deployment workflows
• Ability to support and manage Azure services including Azure Container Apps (ACA), Azure Kubernetes Service (AKS), and Azure Artifacts
• Familiarity with software supply chain security processes, including vulnerability scanning, artifact integrity validation, and dependency risk management
• Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment
• Experience communicating security concerns and issues to non-technical audiences
• Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques.
• Familiar with key application security tools such as BurpSuite, HCL AppScan, Veracode, Qualsys WAS, Micro Focus WebInspect, Checkmarx, Mend.io (White Source), DevTools, Fiddler, Owasp Zap, Metasploit, BeeF, SQLMap, Postman, etc
• Experience with Swagger, SOAPUI, Visual Studio
• Security industry certification desired
• This person must be located within a commutable distance to Mendota Heights, MN or Loveland, CO.

Responsibilities

• Perform application security triage, oversee issue resolution, and track remediation metrics
• Oversees the maintenance, support, and delivery of associated security platforms
• Drives continuous improvements in acting on alerts, service requests, and incidents
• Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues
• Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements
• Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects
• Provide support and ongoing input in the evolution of the application security program
• Ensure the application security tool set is optimized, tuned, and maintained
• Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and SecDevOps workflows
• Perform security testing to include SAST, DAST, SCA, Container, APIs, IaC, Secrets
• Interact with Infrastructure, DevOps, and application owners to ensure alignment with Patterson’s roadmaps
• Prioritize workload depending on business direction, compliance, and / or security requirements
• Embedded in the SDLC process for all major applications, working with DevOps, SecDevOps, Developers, QA, Principal Architects, Security Champions,
• Actively participate and / or lead weekly meetings with application team leads and security champions
• Track and manage identified vulnerabilities through resolution, ensuring timely remediation and documentation.
• Oversee the planning, execution, and follow-up of penetration tests conducted by internal teams and external security partners.

Benefits

• Full Medical, Dental, and Vision benefits and an integrated Wellness Program.
• 401(k) Match Retirement Savings Plan.
• Paid Time Off (PTO).
• Holiday Pay & Floating Holidays.
• Volunteer Time Off (VTO).
• Educational Assistance Program.
• Full Paid Parental and Adoption Leave.
• LifeWorks (Employee Assistance Program).
• Patterson Perks Program.