IT GRC Application Security Analyst - Req. 1901249
The IT GRC Application Security Analyst will serve as the interface between software developers and the IT GRC and Information Security teams. Their mission is to ensure the security of applications by working with software developers to build secure systems, by prioritizing and tracking security issues identified at the application layer, and by monitoring the security of applications in production. If you are a disruptor, not settling for “the way it’s always been done”, if you want to continuously define and refine your role, driving your own priorities, this role is for you. The ideal candidate will have a broad and technical information security skillset and the drive to develop professionally into a role that advocates for the inclusion of security principles across multiple business units and IT functional areas.
The day-to-day responsibilities of the IT GRC Application Security Analyst include:
• Performing code and design reviews of internal and external software products
• Developing and implementing automated tests to enforce security standards
• Developing a security training and education program for software developers
• Prioritizing and tracking application security issues across the firm
• Working with software engineering teams to ensure timely resolution of issues
• Analyzing issue metrics to surface patterns
• Identifying, highlighting, and providing application security recommendations during requirement and design reviews
• Tracking open issues and following up with the responsible teams until they are addressed
GOVERNANCE, RISK, AND COMPLIANCE
• Supporting IT GRC initiatives across a broad responsibility spectrum
• Performing other duties and responsibilities as assigned
EXPERIENCE AND SKILLS
• Bachelor’s degree in Computer Science, MIS or a related field and a minimum of three (3) years of relevant development or engineering experience, or an equivalent combination of education, training and experience
• Knowledge of authentication mechanisms like SAML, OAuth, etc.
• Knowledge of common security flaws and their remediation as catalogued by sites such as OWASP, SANS, etc.
• Experience in secure application programming, code review, and penetration testing of web-based applications (HP Fortify, TFS, WebInspect, Qualys, F5 ASM)
• Experience in security testing mobile applications.
• Knowledge of IT Governance, Risk, and Compliance concepts is helpful in this role but can be learned on the job
• Ability to work effectively with technical and non-technical personnel in a cross-functional setting
• Ability to lead implementation of security initiatives and the resolution of findings from internal or external assessments
• Ability to identify security risks and develop solutions that eliminate or minimize them
• Knowledge of software design, software and network architecture, protocols, and standards
• Excellent verbal and written communication skills
• CISSP certification desirable
• Industry leading certifications and additional technical certifications a strong plus.