Join a diverse and dynamic team that makes and delivers the most valuable services in the world: electricity and natural gas. At Consumers Energy, our customers are at the heart of everything we do.
Our employees work around the clock to provide service to our customers in honor of our history and to fulfill our promise to Michigan - Count on Us! Consumers Energy, the principal subsidiary of CMS Energy and headquartered in Jackson, Michigan, provides natural gas and electricity to nearly 6.8 million of Michigan's 10 million residents in all 68 Lower Peninsula counties.
The Consumers Energy Vulnerability Management Team focuses on evaluating the security posture of Web Applications, Mobile Applications, APIs and Web Services. The Application Security Analyst will work jointly with Development Teams and Architects to review application code and be able to articulate the security posture of applications and back-end systems.
Conduct web and mobile application security vulnerability assessments with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), using scanning tools / manual checks, and notify the appropriate team to take necessary action. An understanding of modern web application development languages is necessary to communicate mitigating controls and potential remediation activities.
Perform static code analysis for web applications written in .NET
Perform web application vulnerability assessments
Create processes for automating manual tasks used by the vulnerability management team
The IT Technical Job Family is utilized in Information Technology. Typically employees in this job family are required to design or maintain technology systems, to utilize various computer software programs, and to design, develop and/or provide advice and counsel on the operation of equipment, processes and procedures.
They are responsible for ensuring adherence to laws and regulations applicable to Company employees. This job family includes Application Development, Infrastructure, Information Security, and Architecture. This position has remote capability.
Nature of Work
Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits
Provide guidance on existing and emerging threats in the web and mobile application landscape
Assist in conducting and facilitating security reviews, as directed by leadership, throughout the application development lifecycle, including tasks such as:
Performing and improving security assessments for applications across the enterprise
Static (SAST) & Dynamic (DAST) Application Security Testing and/or penetration testing of applications and source code, auditing results with development and/or security teams and offering plans for remediation of vulnerabilities
Communicating technical application security concepts to developers
Training developers on application security and remediation of application security code defects
Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Vulnerability Management program.
Improve enterprise security posture through close collaboration with teams to ensure the adoption of security best practices across the entire application lifecycle.
Implement policies in accordance with security best practices.
Conduct security reviews of application scan results.
Hours and Travel
Meet travel requirements of the position. Work a flexible schedule, which may include evenings, weekends, holidays and overtime.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit, stand, walk, stoop, kneel, crouch, crawl, and use hands to finger, handle, or feel objects. The employee frequently is required to talk or hear. The employee must lift and move up to twenty pounds.
Specific vision abilities required by this job include close vision, color vision, depth perception, and the ability to adjust focus. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually moderate.
Position will be filled at the appropriate salary grade based upon the skills, knowledge, and experience of the selected candidate.
All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, sexual orientation, gender identity or national origin.
Nearest Major Market: Jackson Michigan
Nearest Secondary Market: Ann Arbor