The Application Security Analyst (ASA) is responsible for analyzing the security of the organization’s applications and related IT systems. The ASA ensures that security risks of applications are known, evaluated for significance, communicated, and addressed through effective application of controls and processes. The ASA serves as a subject matter expert on security technologies.
Essential Job Functions:
1. Assess IT systems for security vulnerabilities. The ASA will be responsible for applying appropriate tools and techniques to identify security vulnerabilities at all system layers. This includes application layer vulnerabilities such as XSS and SQLi, platform layer vulnerabilities disclosed by vendors and other vulnerability tracking organizations, and network layer vulnerabilities such as firewall policy deficiencies.
2. Evaluate the security controls and practices of third-party service providers supporting the organization.
3. Evaluate the risk of known vulnerabilities, applying relevant standards and guidelines as appropriate (e.g., CVSS). Triage and prioritize accordingly. Track remediation progress. Support remediation and risk acceptance processes as needed. Confirm effective resolution of previously identified vulnerabilities.
4. Support and ensure compliance with relevant security regulations, standards, and guidelines, such as FISMA, NIST SP 800-53, and PCI DSS. Monitor and review policies and standards to ensure application security is appropriately addressed.
5. Analyze and track data in support of IT security management. This may include analysis of large datasets and may require advanced use of desktop tools such as Excel and Access; databases such as MySQL, Oracle, and MS SQL; and scripting languages such as Perl. Experience with Java, VB, and/or C# desirable.
6. Advocate application security interests, including the timely resolution of known security vulnerabilities. Maintain awareness of the members of the extended technology team and their responsibilities; support and encourage their remediation efforts.
Other Job Functions May Include:
7. Research new information security products and technologies.
8. Prepare and deliver written and verbal communications in a professional and persuasive manner, in support of other departmental functions. This may include status briefings, security assessment reports and notifications, policies/standards/processes, etc.
9. Advise internal clients on the appropriate application of existing security services to solve problems or enable new business opportunities. Deliver previously developed information security services in support of corporate needs.
10. Perform other duties and responsibilities as assigned.
Education/Experience Requirements:
• Bachelor of Science in Computer Science or equivalent work experience. Relevant IT security certifications such as CISSP a plus.
• Three years' experience in successfully executing the essential job functions of this position. The successful candidate will have direct professional experience working with a substantial segment of the following tools, technologies, and processes to promote, monitor, analyze, and validate IT system security:
o Successful execution of a vulnerability monitoring and management program, to include identification, risk evaluation/triage, consensus building where needed, reporting and communication, and remediation verification.
o Platform vulnerability management tools such as Qualys.
o Platform configuration and patching, especially for recent versions of MS Windows and Unix.
o Configuration management tools such as Symantec CCS.
o Web application vulnerability assessment tools such as AppScan and WebInspect.
o Code security assessment tools such as Fortify.
o Development languages/environments such as C#/.NET, J2EE, and object-oriented (OO) n-tier application development environments, including familiarity with their native security services and common deficiencies.
o Application authentication and authorization systems such as RSA ClearTrust and Netegrity SiteMinder.
o Firewalls such as Check Point FireWall-1 and firewall policy testers such as FireMon.
o Web Application Firewalls such as Trustwave, Imperva, and F5.
• Experience supporting compliance with significant industry regulatory and standards regimes such as FISMA/NIST SP 800-53 and PCI DSS.
• Direct experience with change management processes in a mid-sized or larger organization. The candidate should be able to speak to the challenges encountered in managing security configuration, patch deployment, and bug fixes in larger organizations.
• Excellent technical writing, documentation development, process mapping, and visual communication skills.
• Excellent interpersonal and verbal communication skills.
• Financial services industry (Insurance, Banking, Investments) experience a plus.