Sr.Application Security Analyst

Phoenix, AZ

Job Description:

The ideal candidate will become the subject matter expert in application security, performing white-box applications and secure code reviews. You will be responsible for analyzing and monitoring Security Information and Event Management (SIEM) using various tools to investigate incidents, determine true threats, and promptly provide solutions to detected issues.

Identify and help remediate common application vulnerabilities using a combination of SAST/DAST tools and manual code review.

Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and countermeasures.

Perform penetration test new platform functionality and services and ensure secure development standards and requirements.

Contribute to application security development projects and discussions as needed.

Perform research on new security trends, tools, and techniques to help improve existing processes.

Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

Prioritize and track assigned security issues and assist the GRC team with audit activities.

Work with the Security team to perform vulnerability scanning to identify network and application vulnerabilities.

Investigate security breaches and other cybersecurity incidents.

Respond to security incidents, escalate appropriately when needed, work with other teams to resolve issues, and take responsibility for bringing investigations to closure.

Stay up to date on information technology trends and security standards. Generate reports for management to demonstrate the efficacy of security policies.

Develop and maintain security policies, procedures, and training.

Research security enhancements and make recommendations to management.

Monitor privileged access and report suspicious activity to a higher level or team members.

Qualifications:

Bachelor’s degree or relevant experience.

Experience with application security testing, techniques, and tools.

Demonstrable hands-on experience with at least one scripting or programming language.

Experience with vulnerability and security scanning tools.

Experience with penetration testing and related security tools and techniques.

Strong knowledge of secure development and secure architecture.

Knowledge of vulnerability frameworks and reporting (CSF, NIST, OWASP, CVE, etc.)

Knowledge of Security Information and Event Management (SIEM) systems, event collection, content development, and log data optimization.

System administration experience with at least one common OS (Window, Linux, Mac).

Demonstrate quantitative data analysis and research presentation skills.

Please send resumes:

Jayme.Chapin@tekstream.com