Application Security Analyst Iii-4

Early Warning Services, LLC Scottsdale, AZ 85250

Posted 1 week ago

A Great Place to Work

Last year, we transformed the P2P payments industry with Zelle. 247-million transactions and $75-billion later, consumers love us as much as our amazing team of talented people. Come join the most INNOVATIVE FinTech company in Arizona.

Overall Purpose

This position leads the Security Architecture consultation with IT, Project Management, Product Management, Software Development and other peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and Early Warning Services policies and standards.

Essential Functions

  • Lead the identification, measurement, control and minimization of security risks to information systems across a broad range of disciplines including application and host security.

  • Drives the evaluation of the current methods in use by Early Warning to access and process data via Early Warning customer-facing applications.

  • Assist Security Architecture with the development of repeatable application security architectures working with internal and external partners to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.

  • Serves as the subject matter expert point of contact for all security issues in assigned areas.

  • Leads security efforts with development teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliant with the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).

  • Reviews changes and architectures for assigned areas from a security perspective.

  • Assist Security Architecture with the evaluation of product business cases including functional and detailed design specs to ensure security standards are met.

  • Assists and leads the security incident response process as assigned.

  • Advises as a subject matter expert and contributes to the development of Early Warning security policy and procedures.

  • Assist Security Architecture in the development of architectural reference material to ensure that security practices are being implemented in a repeatable fashion every time a new project is implemented.

  • Lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally) by assisting in documentation, tracking and creating solutions for mitigation.

  • Work with internal and external penetration testing organizations to coordinate application and network based penetration.

  • Lead security efforts with Software Development to perform static code analysis on all custom developed code.

  • Assist Security Architecture in the interaction with customer banks to gather yearly testing and security requirements, review penetration testing findings, mitigating controls and/or projects to rectify security vulnerabilities.

  • Mentors new security team members.

  • Leads assigned information security efforts.

  • Individual contributor towards significant risk mitigation efforts.

  • Support the company's commitment to protect the integrity and confidentiality of systems and data.

Minimum Qualifications

  • Education and experience typically obtained through completion of a Bachelor's degree in Computer Science, Engineering, Math or Physical Science.

  • Minimum 4 years of application security experience and 4 years of Security Architecture or Consulting experience.

  • Subject matter expert in focused Application Security skill or silo.

  • Expert knowledge of relational databases, Windows, and Linux operating systems.

  • Ability to work independently and within a team environment.

  • Ability to lead efforts that develop and deliver complex and enterprise-wide risk mitigation solutions.

  • Effective interpersonal skills, with ability to present to peers, coworkers and customers.

  • Expert knowledge of operating system, application, network, and database security architectures.

  • Proficiency in AppSec and Web services security

  • Application development background

  • Delivered talks or published whitepapers at regional Security Conferences

  • CEH/CPT, or CISSP or CSSLP Certification and one of GWEB, or Secure Development Cert, or PhD or MBA in InfoSec or equivalent certification.

  • Exposure to the Agile SDLC process.

  • Expert vulnerability exploitation experience.

  • Experience leading information security efforts.

  • Expert experience in analyzing technical issues and making recommendations for corrective action.

  • Demonstrate expert understanding in the field of Information Security in terms of both concepts and technology.

  • Background and drug screen.

Preferred Qualifications

  • MCSE, SCSA, CCNA or CISA certification

  • Additional related education and/or experience preferred

  • Familiarity with HP Fortify

  • Familiarity with application penetration testing tools:

      o Proxies (Burp Suite Pro, Zed Attack Proxy)

      o Scanners (Netsparker, AppScan, WebInspect)

      o XML Tools (SOAP UI)

  • Familiarity with BSIMM framework

  • Additional related education and/or experience

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

Candidates responding to this posting must independently possess the eligibility to work in the United States at the date of hire.

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Early Warning Services is an affirmative action and equal opportunity employer.

Early Warning is an equal opportunity employer that takes affirmative action to employ, and advance in employment, qualified minorities, women, individuals with disabilities and covered veterans.

