The Information Security Analyst will be responsible for evaluating application environments to ensure they are being designed and deployed in compliance with InfoSec standards, policies and US regulatory requirements.
This includes following up on security assessments, partnering with the Cyber security team and business owner for systems risk analysis, reporting security findings and recommending corrective actions for the relevant operational teams.
Work with developers, architects, project leads / managers, business analysts, and others to determine security requirements for projects and ensure that these requirements are met as part of the software development lifecycle.
Work alongside IT partners and act as the "go to" individual for all security questions, concerns, and guidance for a specific IT entity.
Partner with the Cyber security team in developing and presenting training material on security-related topics and develop application security-related development standards and controls alongside other governance and architecture teams.
Serve as a Subject Matter Expert (SME) in the field of application security for a specific IT entity.
Conduct dynamic and static code reviews.
Act to integrate application / software security tools within existing development processes.
Assist with the planning and execution of application penetration tests.
Identify and help resolve false positive findings in security assessment results.
Generate reports on assessment findings and help guide and track remediation tasks.
Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness.
Solid understanding of secure coding principles (OWASP Top 10)
Knowledge of application security tools: IBM AppScan, WebInspect, Veracode and Checkmarx
Strong familiarity with widely used application development tools & languages such as .NET or Java
Bachelor's degree in Computer Science, Information Security, or a related field