ID: #15444814
Job type: Permanent
Salary: Depends on Experience
Source: Staffing Solutions USA
Date: 2021-06-11
Deadline: 2021-08-10
APPLICATION SECURITY RISK ANALYST
New York, New York City, 10001, USA (Permanent)
Vacancy expired!
- Work with various senior IT leaders and application development areas to develop and implement the SDLC Program according to the organization’s unique information security risk management, governance, risk, and compliance processes;
- Provides oversight/governance of the SDLC Program and communicates progress and issues to the CISO, Senior Business / IT Leadership and Application Development teams;
- Serves as a consultant to disseminate the specialist application security knowledge to the development communities;
- Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built into all phases of the SDLC;
- Leads demonstrations of application security tools to business and application development teams;
- Responsible for the development and maintenance of Static and Dynamic Code Analysis Tools (such as Veracode) scanning policies, user provisioning and security strategy documents, and any other related documentation;
- Engages Veracode and/or other third-party suppliers of application security software on system defects and support issues;
- Develop and implement a process for regular user recertification;
- Validate the removal process for application access for terminated employees;
- Perform semi-annual user access and entitlement reviews across the organization;
- Perform quarterly reviews and recertifications of privileged accounts;
- Identify and document the various functions and processes within each application;
- Develop and maintain SOD matrices for each application used within the organization along with identification of toxic combinations;
- Identify any conflicting duties based on the SOD Matrix and toxic combinations and perform remediation;
- Develop roles and access profiles based on the SOD in collaboration with the business users;
- Identify and document list of users and mapping to various functions and processes;
- Experience as a Security Engineer specifically for applications and understanding of SSDLC Framework.
- Strong background in application security assessments.
- Experience in application security assessments (white box, black box, code review and forensic testing).
- Hands-on experience with application security tools such as Veracode, IBM AppScan, Fortify, Web Inspect, and Burp Suite.
- Experience in integrating application security processes in CI/CD pipelines.
- Knowledge of application security processes and standards including OWASP (ASVS etc.), CVSS rating, factors impacting risk rating etc.
- Some system administration and coding experience with at least .NET, J2E, Python etc.
- Experience with web services (API) architecture, security reviews and testing.
- Solid understanding of encryption, certificate and key management services.