Sr. Application Security Analyst

Sr. Application Security Analyst

02 Dec 2024
New Jersey, Montvale, 07645 Montvale USA

Sr. Application Security Analyst

Vacancy expired!



NOW OFFERING REMOTE/VIRTUAL FRIDAYS FOR ALL MONTVALE-BASED POSTIONS

As a key member of the BMC Information Security Team, the Sr. Application Security analyst will be responsible for performing security testing and providing remediation guidance for application vulnerabilities across the BMC landscape. Key responsibilities include development of security standards as part of the overall Software Development Life Cycle (SDLC) process, code reviews, and using application vulnerability assessment tools for static and dynamic code analysis.

Operations support includes the creation of formal documentation, secure code training, and providing recommendations for security improvements. This role will require the individual to multitask and serve as a technical point-of-contact for application security. The role requires occasional off hours support and on-call rotation.

Responsibilities


  • Partner with various stakeholders, including application development teams, PMO, and security operations to drive the Secure SDLC strategy.

  • Lead and facilitate secure application design and architecture reviews.

  • Conduct application security assessments and penetration tests on web applications, web services, and mobile applications.

  • Utilize various commercial and open source tools to conduct periodic static code analysis and dynamic scans.

  • Find, validate, and drive remediation of security vulnerabilities, configuration issues, and flaws on application code.

  • Prioritize vulnerabilities and research and propose remediation steps.

  • Create formal documentation for project planning, builds, and Operations and Maintenance.

  • Educate developers on secure development and coding best practices.

  • Assist with monitoring activities using various industry standard security tools (e.g., SIEM, DLP, etc.) to identify potential security related issues.

  • Participate in and lead product selection, vendor evaluations, and implementations of security technologies.


Desired Certifications


  • Industry security and systems certifications (GIAC-GWEB, CISSP, CEH, GCIH, etc.)

  • ITIL Certified and or able to obtain ITIL Foundations Certifications within the next 3 months


Technical Skills


  • Software development experience in one or more of the following core languages: Java, .NET, PHP, Javascript, Python.

  • Experience with industry standard application security testing tools such as White Hat, IBM AppScan, HP Fortify, WebInspect, Burp Suite, etc.

  • Strong understanding of OWASP Top 10 and other similar frameworks.

  • Experience with Agile/SCRUM software development models.

  • Expert understanding of Software Development Life Cycle.

  • Knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.

  • Incident Response experience.

  • Basic experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.

  • Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.


Non-Technical Skills: Excellent teamwork skills; written and oral communication skills. Excellent formal documentation skills.

Job Details

  • ID
    JC23753826
  • State
  • City
  • Job type
    Permanent
  • Salary
    N/A
  • Hiring Company
    Benjamin Moore and Company
  • Date
    2021-12-02
  • Deadline
    2022-01-31
  • Category

Jocancy Online Job Portal by jobSearchi.