Role: Application Security Analyst
Duration: Long Term
Location: Brooklyn, NY
Tasks & Duties:
- Audit, analyze and accredit HRA/DSS/DHS applications being moved as part of the Data Center Migration Project.
- Evaluate application vulnerability scan reports
- Document application vulnerabilities found in scan reports and define vulnerability mitigation SLAs
- Assess whether the application vulnerabilities found in scan reports fall within the agency's risk appetite
- Communicate and report application vulnerability findings to Business Owner(s) and IT Heads
- Develop application vulnerability mitigation strategies and mitigation controls so that applications can be run securely within the agency infrastructure environment
- Verify mitigated application vulnerabilities with development teams and perform security accreditation for production deployment
- Enforce the Risk Acceptance Letter process for applications seeking production deployment with unmitigated vulnerabilities; such acceptances require approval from the Business Owner(s), IT Head and CISO
Required Skills:
- 8+ years of experience in Application Security & Industry Standards (OWASP, NIST)
- 8+ years of experience in Secure Software Development Life Cycle (SSDLC)
- 8+ years of experience in Threat Modelling & Risk Assessments
- 5+ years of experience in Application Scanning for Vulnerabilities (SAST, DAST)
- 8+ years of experience in Integration of Security in CI/CD Pipelines, DevOps, DevSecOps (Azure DevOps, Jenkins)
- 8+ years of experience in API Security & Access Controls (OAuth, SAML, SSO)
- 8+ years of experience in Cloud Security
- 8+ years of experience in Security Frameworks (NIST, ISO 27001, PCI-DSS, SOC 2, HIPAA, GDPR, FedRAMP, HITRUST)
- 8+ years of experience in Vulnerability Management & Penetration Testing
- 8+ years of experience in Incident Response & Security Operations
- 8+ years of experience in Security Training & Awareness
- 8+ years of experience in Agile Environment Collaboration
- 8+ years of experience in Project Management
- 8+ years of experience in Cross-Functional Team Collaboration
- 8+ years of experience in Client Engagement & Communication
- 8+ years of experience with Operating Systems & Platforms: Windows Server, Windows, Linux, Apache HTTP Server, Microsoft IIS, VMware, Citrix
- 8+ years of experience with Technology Stack: ASP, .NET, Visual Basic .NET, Visual Basic, ColdFusion, JavaScript, HTML, C++, C#, Microsoft Power Apps, Python, PowerShell, Shell Scripting, Selenium
- 8+ years of experience with Security Tools (Must Have): Veracode, IBM AppScan, SD Elements, Burp Suite
- 8+ years of experience with Security Tools (Plus to Have): Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7; familiarity with the STRIDE threat-modeling methodology