Application Security Analyst

Company:
Freedom Mortgage
Location:
Marlton, NJ, 08053
Posted:
April 28, 2024

Description:

**Open to remote candidates, with a preference for those who can easily travel to the office in New Jersey at least once a month for initial onboarding and occasional meetings.**

Job Summary:

The Application Security Analyst will be responsible for evaluating new and existing Freedom-owned applications to ensure they are designed and deployed in compliance with Information Security standards and industry best practices. This includes performing security assessments, conducting risk analysis, reporting security findings, and recommending corrective actions for the relevant operational teams.

Essential Job Duties and Responsibilities:

Leverage proficiency in Application Security to:

Work with developers, architects, project leads/managers, business analysts, and others in determining security requirements for new or updated applications to ensure that these requirements are met as part of the software development lifecycle.

Work alongside IT partners and act as the subject matter expert for all information security questions, concerns, and guidance as they pertain to application security.

Develop, document and present training material on security-related topics and develop application security-related development standards and controls alongside other governance and architecture teams.

Assist with the administration and maintenance of industry-leading security tools in the Identity Governance and Administration (IGA) and Privileged Access Management (PAM) areas, such as Saviynt.

Analyze results from dynamic & static code testing (DAST and SAST).

Act to integrate application/software security tools within existing development processes.

Assist with the planning and tracking of application penetration tests as they are performed by an approved third-party vendor.

Identify and help resolve false positive findings in security assessment results.

Generate reports on assessment findings and help guide and track remediation tasks.

Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness.

Stay up to date on new and emerging cybersecurity threats and attack vectors.

Other Job Duties and Responsibilities:

Performs other related duties as assigned.

Maintain regular and punctual attendance.

Supervisory Responsibilities:

This position is an individual contributor with no direct reports but may provide guidance, leadership, or training to others.

Qualifications:

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

Solid understanding of secure coding principles (OWASP Top 10, Application Security Verification Standard, for example)

Knowledge of industry standard controls and frameworks such as NIST, International Organization for Standardization (ISO), Center for Information Security (CIS), and System and Organization Controls 2 (SOC 2).

2-4 years’ experience with Application Security Tools like Sonatype, BurpSuite, Checkmarx, etc.

Familiarity with widely used application development tools & languages (e.g., Java, React, Python, PowerShell, SQL).

Strong analytical, critical thinking and problem-solving skills.

Excellent organizational, written, and oral communication skills.

Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business.

Education and/or Experience:

BS in Computer Science, Information Security, or a related field

2-4 years of past experience in information security, especially in an analyst role

Experience with Saviynt or similar IGA applications.

Able to commute to Marlton, NJ or Conshohocken, PA once a month.

Certificates, Licenses, Registrations:

Industry Certifications such as CISSP, CISM, CISA, CEH/CSA, SSCP are considered a plus.
