The IT GRC Application Security Analyst will serve as the interface between software developers and the IT GRC and Information Security teams. Their mission is to ensure the security of applications by working with software developers to build secure systems, by prioritizing and tracking security issues identified at the application layer, and by monitoring the security of applications in production. If you are a disruptor, not settling for "the way it's always been done", if you want to continuously define and refine your role, driving your own priorities, this role is for you. The ideal candidate will have a broad and technical information security skillset and the drive to develop professionally into a role that advocates for the inclusion of security principles across multiple business units and IT functional areas.
The day-to-day responsibilities of the IT GRC Application Security Analyst include:
Performing code and design reviews of internal and external software products
Developing and implementing automated tests to enforce security standards
Developing a security training and education program for software developers
Prioritizing and tracking application security issues across the firm
Working with software engineering teams to ensure timely resolution of issues
Analyzing issue metrics to surface patterns
Identifying, highlighting, and providing application security recommendations during requirement and design reviews
Tracking open issues and following up with different teams to address them
GOVERNANCE, RISK, AND COMPLIANCE
Supporting IT GRC initiatives across a broad responsibility spectrum
Performs other duties and responsibilities as assigned.
EXPERIENCE AND SKILLS
Bachelor's degree in Computer Science, MIS or related degree and a minimum of three (3) years of relevant development or engineering experience or a combination of education, training and experience.
Knowledge of authentication mechanisms like SAML, OAuth, etc.
Knowledge of security flaws and their resolution as listed in sites like OWASP, SANS, etc.
Experience in secure application programming, code reviewing, and penetration testing web-based applications (HP Fortify, TFS, WebInspect, Qualys, F5 ASM)
Experience in security testing mobile applications.
Knowledge of IT Governance, Risk, and Compliance concepts will help in this role, but they can be learned.
Ability to work effectively with technical and non-technical personnel in a cross-functional setting
Lead implementation efforts of security initiatives and resolutions of any findings from internal or external assessments
Identify security risks and develop solutions to eliminate or minimize risks
Knowledge of software design, software and network architecture, protocols, and standards
Excellent verbal and written communication skills
CISSP certification desirable
Raymond James Guiding Behaviors
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We expect our associates at all levels to:
Grow professionally and inspire others to do the same
Work with and through others to achieve desired outcomes
Make prompt, pragmatic choices and act with the client in mind
Take ownership and hold themselves and others accountable for delivering results that matter
Contribute to the continuous evolution of the firm