The primary role of the Application Security Analyst is to ensure the secure operation of the company applications and systems through testing, monitoring, and risk assessments. The Application Security Analyst will also maintain a strong understanding of current and emerging security technologies, threats, vulnerabilities, and industry best practices for recommending sound technical solutions as needed.
Required Qualifications
- Minimum 5 years of experience in a corporate network environment
- Possess two or more professional certifications in an Information Security / Cyber Security area. Preferred certifications include CISSP, CSSLP, GWEB, CASE, CASS, CISA, and CRISC.
- Demonstrable expertise in the field of information security and related frameworks such as International Organization for Standardization (ISO) 27001, ITIL, COBIT, National Institute of Standards and Technology (NIST), CIS CSC 20, etc.
- Strong, hands-on technical knowledge of the OWASP (Open Web Application Security Project) Top 10 vulnerabilities and recommended best practices for vulnerability remediation.
- Experience with static and dynamic vulnerability analysis using industry-leading scanning tools and manual code reviews (SonarQube, BurpSuite, Nessus, Rapid7, Metasploit, etc.)
- Comprehensive understanding of Internet standards and application protocols including TCP/IP, REST, SAML, HTTP/HTTPS, and modern application technologies.
- Deep understanding of Business-to-Business (B2B) information security infrastructure and approaches, including OAuth2 / OIDC, Single Sign On (SSO), Adaptive Access, Access Policy Management, Access Event Logging and Audit, Authorization Control, and Session Management.
- Solid understanding of data privacy practices, laws, and regulatory requirements such as FFIEC, SOX, GLBA, PCI-DSS, NYDFS, etc.
- Able to conduct in-depth research into security issues and solutions as required, including risk assessments with threat and vulnerability analysis.
- Virtualized hosting, integration, and deployment experience for application development (GitHub, AWS, Azure, DevOps, Jenkins, Heroku, Salesforce, etc.)
- Strong interpersonal, written, and oral communication skills. Highly self-motivated and directed, with keen attention to detail. Proven analytical and problem-solving abilities.
- Able to effectively prioritize tasks in a high-pressure environment. Experience working in a team-oriented, collaborative environment. Ability to work after hours and on weekends as necessary.
- Provide effective technical and administrative security control recommendations to non-security staff, vendors, and contractors.
What You Can Expect From PWB
The final salary is to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with geographic/market data.
PWB is pleased to offer additional benefits to support our employees' physical, emotional, and financial health.
Benefits include medical, dental, vision, 401(k), life and disability insurance, parental leave, mental health support, wellness incentives, legal assistance, tuition reimbursement, paid time off, company holidays, incentive programs, as well as other fringe benefits.