The Senior Application Security Analyst will be responsible for integrating security into the development of an exciting new mobile application platform. The individual will be embedded in the product development team with a dotted-line reporting relationship to the Chief Information Security Officer. The Senior Application Security Analyst will work closely with the product development team to threat model the early architecture and identify required control points in the application. The Senior Application Security Analyst will also work closely with developers to diagnose, document, and remediate application security vulnerabilities.
Responsibilities of Senior Application Security Analyst:
• Conduct threat modeling of large-scale mobile application platform.
• Proactively work with teams to identify required control points in mobile applications.
• Perform mobile application security assessments, code reviews, and application penetration tests.
• Use automated and manual code review techniques to identify application security vulnerabilities.
• Lead code reviews across a variety of languages and technical platforms.
• Document vulnerabilities and work with developers on vulnerability mitigation.
Requirements of Senior Application Security Analyst:
• Bachelors degree in computer science or related discipline, or equivalent.
• At least 3 years experience threat-modeling and code reviewing complex applications
• Experience with code audit vulnerability testing and threat modeling
• Demonstrated expertise in Java and expertise in both server-side and client-side security issues.
• Experience with Android security a plus.
• Experience working with mobile device management a plus.
• Experience working with common application security tools such as Fortify, WebInspect, etc
• Experience conducting penetration tests
• Knowledge of secure development techniques including the OWASP Top 10.
• Ability to evaluate technical specifications and identify, document, and explain security vulnerabilities, threats, and risks.
• Security certifications such as CISSP or SANS GIAC a plus
• Strong written and verbal communication skills and the ability to interact well with different levels within the organization.
Important Safety Tips: You should find out as much as you can about the company. Meet your prospective employers/employees face to face. You should NOT have to provide your bank account details. Stay safe - read our safety tips.