Job Details

Senior Application Security Analyst



Required Skills

    scripting language

Infinity Consulting Solutions, Inc


3 to 5 Year(s)

Job Description

Duties and Responsibilities

Identify risks and areas of exposure in applications developed

Perform security reviews of source code, stored procedures, and server/service configurations

Perform manual and automated security testing of proprietary applications

Define and document application security requirements for applications

Conduct network and web-based application vulnerability assessments and penetration tests

Monitor industry trends and threat landscape and recommend necessary controls or countermeasures

Develop and deliver application security training to company software development teams (e.g. secure coding techniques and security best practices)

Participate in development of security policies, standards, and processes

Participate in incident handling and perform application-related forensics activities

Understand applicable company policies, procedures and other job-specific instructive documents and materials

Conduct business and perform job duties in a manner consistent with the requirements set forth in all company policies, procedures and other directives, and in compliance with legal and regulatory requirements

Complete all compliance training assigned to them to understand the key provisions of law, regulation and internal policies and procedures applicable to their job duties, as well as the impact of noncompliance on the company's reputation and success

Raise concerns about any practice(s) believed to be a violation of, or inconsistent with, company policies, procedures or other directives, or in violation of legal or regulatory requirements

Monitor processes and procedures to ensure safety and compliance

Model the Company's Vision and Values

Other duties as assigned

Skills and Experience

3+ years of hands on application security experience

Demonstrated performance in delivering results in a fast-paced and highly complex organization

Ability to demonstrate a comprehensive application testing methodology

Ability to identify security vulnerabilities from source code reviews and testing

Hands-on development experience and thorough understanding of ASP.Net, and ASP.Net Core

Advanced knowledge of web application technologies (e.g. MVC, Ajax, XML, JSON, SOA, SSL, web related protocols and services)

Advanced experience with at least one scripting language (e.g. Perl, Python, PowerShell)

Advanced knowledge of common application vulnerabilities, (e.g. XSS, CSRF, SQL injection, cookie / header / encoding manipulation, input/output validation, session replay, etc.)

Experience with Web Application Firewalls

Working knowledge of TCP/IP ports and protocols

Intermediate knowledge of Microsoft SQL

Familiarity with Open Web Application Security Project (OWASP), National Institute of
Standards and Technology (NIST) Special Publications, and Open Source Security Testing
Methodology Manual (OSSTMM)

Understands concepts of software development principles and SDLC models

Ability to understand and apply knowledge of information systems security concepts (e.g., secure architectures, secure electronic data communications, network security, encryption technologies, and secure credentials management)

Ability to work well with other members of the team, peers, and senior management

Excellent written and verbal communication skills required

Education or Equivalent Experience

Bachelor's degree in computer science or related field from an accredited college or university required.

Security Analyst
Information Technology

No Preference
FullTime Job

Candidate Requirements

Walkin Information

Recruiter Details
Doug Klares
1350 Broadway, Suite 2205, NEW YORK-10018, NY, US