Senior Applications Security Analyst

  • DOE
  • Parsippany, NJ, USA
  • Contract, Full time
  • The Resource Collaborative
  • 2018-03-20

The Senior Application Security Analyst will interact closely with other members of the Information Security team, IT team members, and Business Owners of applications. Responsibilities will include:

  • Perform risk-based technical assessments of applications using both dynamic and static scanning tools, produce reports, and meet with development teams as required.
  • Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
  • Develop a formal Application Security Verification Standard.
  • Ensure the quality of web application security audits so that internal and industry standards, procedures, and methodologies are being followed.

  • 7 years of application security experience.
  • In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC, and identity and access management.
  • Experience in application and infrastructure security practices and standards (such as OWASP, CIS, SDLC).
  • Web application development experience in .NET, C#, Java, Python.
  • Experience reviewing code for vulnerabilities in .NET, Java, C#, JavaScript/jQuery.
  • Knowledge of white hat hacker tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Wireshark and source code analyzers.
  • Familiarity with application security scanning technologies (Veracode, AppScan, Fortify WebInspect) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption.
  • Ability to effectively work as part of a cohesive and agile team.
  • Familiarity with cloud-based (e.g., AWS, Azure) application development services and tools.
  • Certifications (e.g., GWAPT, CISSP, CCSP) are preferred.