Lead Application Security Analyst

Strategy & Planning

• Acquire and interpret business requirements and functional specifications to create security non-functional requirements.

• Work with the security architects to validate potential architectures through techniques like threat modeling.

• Maintain knowledge of best security practices through training, research, involvement with local IT security groups, and collaboration with internal cybersecurity teams.

• Identify areas for improvement by recommending the use of reusable code libraries introduced in standard build/deploy pipelines.

• Assist development teams in updating the CMDB records to reflect current state.

• Validate that OS, middleware, and images are being scanned for vulnerabilities at regular intervals and any reported vulnerabilities are tied back to the appropriate application(s).

• Work with development and QA teams to ensure the use of secure coding practices and verification methods.

• Work with dev-ops teams and engineers to integrate security solutions into continuous delivery frameworks.

• Mitigate security risks associated with projects, which have a high technical complexity and/or involve significant challenges to the business.

• Work with delivery teams and product owners to reduce application security risks by assisting with code remediation before production delivery.

Acquisition & Deployment

• Work with architects and developers to design optimal security practices when developing new application functionality.

Operational Management

• Support and maintain automated application security testing within the devops pipelines.

• Provide input in updating security standards on an annual basis.

Ensure that all applications are using effective security monitoring, and work with the endpoint security team to test configurations.