Web Application Security Analyst
Our Consumer & Community Banking Group depends on innovators like you to serve nearly 66 million consumers and over 4 million small businesses, municipalities and non-profits. You'll support the delivery of award winning tools and services that cover everything from personal and small business banking as well as lending, mortgages, credit cards, payments, auto finance and investment advice. This group is also focused on developing and delivering cutting edged mobile applications, digital experiences and next generation banking technology solutions to better serve our clients and customers.
As a Web Application Security Analyst
, you will join one of the largest and most diverse tech companies on the planet, playing a critical role in protecting our customers (and their money) with cutting-edge technology. You will be an important member of an infrastructure team that works closely with internal developers and innovative Silicon Valley startups to deploy and support solutions to mitigate perimeter security risks in an agile fashion. You will work with our Cybersecurity partners to analyze attack methods and tactics leveraged against the firm's mobile and web applications, review/produce technical specifications for any changes or improvements to existing technology, or propose entirely new solutions as necessary. You will work with infrastructure engineers on our team, global technology partners and technology vendors to ensure that specifications are clearly documented, communicated and understood, and advise the business on options, risks, and costs. You will deploy and support perimeter defense solutions leveraging a combination of vendor and internally-developed components, to detect and mitigate automated attack traffic. You will analyze the performance and efficacy of production systems and controls, and recommend and deploy enhancements to maintain mitigation effectiveness in response to changing attack methods. Our successes will influence the direction of an industry, and you will gain the satisfaction of knowing you made a difference in keeping the world's financial system safe!
This role requires a wide variety of strengths and capabilities, including:
- Foundational knowledge of Web/HTTP security risks; knowledge of OWASP Automated Threat category and familiarity with OWASP Top Ten
Experience with HTTP protocols, response codes, modern usage, and web scripting/automation tools
- Experience with large-scale/high-volume eCommerce infrastructure and/or consumer mobile applications and associated threats
Foundational understanding of modern TCP/IP network infrastructures and network hardware/software
- Working knowledge of IT Security; Cyber engineering or analyst experience highly desired (government, military or private industry)
Industry recognized security certifications, such as SSCP, Security , GSEC/GISF, CEH, etc. preferred
- Basic understanding of the company's business practices and familiarity with the company's products and services; Financial services experience a plus
- Strong deductive reasoning, critical thinking, and problem solving skills and strong verbal/written communication skills
- BS/BA Degree or equivalent experience