Application Security Analyst Job Description

An application security analyst provides leadership in the evaluation, design and implementation of application security technologies, providing expertise in secure coding practices, application security technical assessments and tools.

Application Security Analyst Duties & Responsibilities

To write an effective application security analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included application security analyst job description templates that you can modify and use.

Sample responsibilities for this position include:

Contribute both on an individual application basis and on a global strategic basis to raise the application security posture across the organisation
Perform and/or assist with internal application security assessments as needed
Respond to alerts and provide support for irregular events such as executing or holding scheduled jobs
Develops application security training documentation
Develops project plans in coordination with Information Technology developers and other business units/departments
Leads and participates on cross-functional teams to represent application security interests from a technical and process perspective
Stays current on trends in application security and the latest compliance information, including but not limited to Sarbanes-Oxley (SOX) and Segregation of Duties (SOD)
Provide impeccable customer service while working with IT, Legal, Finance, Internal Audit and others
Work on the vendor application security program and work on VBSIMM activities to be included within TPRM vendor assessment
Will be a point of contact for advice on Network risk mitigation strategy

Application Security Analyst Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Application Security Analyst

List any licenses or certifications required by the position: CISSP, CEH, GWAPT, CSSLP, SANS, IAT, GIAC, F5, II, GSSP

Education for Application Security Analyst

Typically a job would require a certain level of education.

Employers hiring for the application security analyst job most commonly prefer that candidates have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Education, Information Systems, Engineering, Information Security, Information Technology, Business, Technology, Technical, Computer Engineering.

Skills for Application Security Analyst

Desired skills for application security analyst include:

Security technologies
Application design and coding practices
Remediation techniques
Secure coding standards/DevOps methodologies
Specifically Open Source Software security
Exploits
Web application vulnerabilities
Secure development and secure architecture
Standard SDLC practices
Web application vulnerabilities and web application business logic flaws and threats

Desired experience for application security analyst includes:

Database (Oracle, Microsoft SQL)
Windows Server and Red Hat Linux
Programming (Unix Shell, PowerShell, Perl, PHP, Python, SQL)
Additional certifications such as MCSP, CCIE, CCNA, CCNP, CCSP preferred
Experience in the remediation of related Information Security risks/vulnerabilities
Familiarity with Security Standards and groups (OWASP, WASC)

Application Security Analyst Examples

1

Job Description Example
Our innovative and growing company is looking to fill the role of application security analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for application security analyst
  • Threat Model – Think like an attacker and make sure that code we are developing is ironclad and ready to stand up to future attacks
  • Static Code Analysis – Review, tune, and set policies within our SAST tool set
  • Training – Provide the training and knowledge that our development teams need
  • Metrics – Create valuable metrics that our program can use to measure our success
  • User stories - Provides user stories to development teams from both a security and customer perspective
  • Stays up to date on new attacks
  • Participates in security audits and security risk assessments
  • Assess and communicate security risks to the organization
  • Participate in and provide input to the design of user dialog and non-dialog roles, task assignments, role mapping and user provisioning inclusive of Fire Fighter design and assignments
  • Designing, defining, refining, and documenting business services, processes, job aids, operating procedures, policies, business requirements, technical requirements, business agreements and other artifacts that are understood and accepted by business owners and users of such artifacts
Qualifications for application security analyst
  • Requires a minimum of 5 years' experience in software/web applications development
  • Proficiency in Object Oriented software development practices and version controlled code development
  • Proficiency working with SQL and databases such as MySQL and Postgres
  • Proficiency working with Tomcat or other J2EE containers
  • Experience with consuming REST-based web services and JSON
  • 2-3 years of experience using Remedy, HPQC or other ticketing support applications to prioritize and respond to user requests
2

Job Description Example
Our company is growing rapidly and is looking to fill the role of application security analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for application security analyst
  • Support managing activities of ethical hacking programs
  • Support managing activities of vulnerability assessment program
  • Support managing activities of secure code testing program
  • Provide support over the application security program of the clients
  • Document and follow up action plans
  • Identify and manage information security risks
  • Have a strong interaction with key areas
  • Continue evolution of app security maturity expectations and OC for the enterprise
  • Assess Applications security index ratings
  • Create and maintain Access Control Plan
Qualifications for application security analyst
  • Support Encryption Committee
  • Familiar with common programming languages (e.g. Java, PHP, SQL, Python, Ruby, HTML)
  • Provide Level 3 Technical Support for Identity and Access Management and help implement Single SignOn
  • Write efficient, reusable, optimal, and well documented code
  • Work with development team in reviewing design, coding, testing and documenting software programs for systems of moderate to high complexity and helping in peer code reviews
  • Analyze business requirements and create software design for at least one major subsystem
3

Job Description Example
Our company is growing rapidly and is looking to fill the role of application security analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for application security analyst
  • Performs web application attack & penetration (A&P) testing to find security issues such as risks, defects and logical errors
  • Maintain suitable knowledge of threats, risk assignment, remediation strategies, security tools, testing techniques, and security research
  • Interact with different stakeholders and business customers to gather requirements
  • Manage and track documents based on the information captured and update the same to different stakeholders
  • Participate in architectural reviews and suggest improvements
  • Perform root cause analysis and problem management to ensure that correct resolutions are provided for capacity and architectural planning
  • Work on DR plans (Author, update and maintain DR plans as per requirement)
  • Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures, tips and tricks for Smart books and established procedures in Run Books
  • Acts as a technical advisor and subject matter expert to internal stakeholders and partners
  • Maintains a working knowledge of the security capabilities of modern development languages and application design paradigms
Qualifications for application security analyst
  • Minimum of 2 years Application Security experience (SAP and SFDC preferred)
  • Knowledge of access provisioning and de-provisioning, role administration, CUA implementation/support and licensing controls
  • Experience with implementation of SoX and FDA audit controls
  • Experience with securing SAP systems including but not limited to ECC, GRC, Solution Manager, Fiori preferred
  • 3+ years of progressive experience in .NET application development with hands-on experience implementing application security controls such as Authentication/Authorization, Access Control, Web-Config encryption options
  • Knowledge of application security best practice and OWASP top 10 application security risks such as SQL Injection, XSS
4

Job Description Example
Our company is hiring for an application security analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for application security analyst
  • Create policies, documentation and set direction for use of Web Application Firewall and technologies used to protect and defend against web threats
  • Manage incidents and work with appropriate teams to help resolve issues related to the Web Application Firewall
  • Serve as an application security subject matter expert, providing multi-disciplinary knowledge, skills, and experience in application whitelisting (application control)
  • Design, analyze, deliver and enforce application whitelisting controls throughout the security deployment lifecycle utilizing existing standards and guidelines that support using application whitelisting technologies
  • Consult on current and upcoming projects covering all levels of application whitelisting
  • Help define, develop, and drive the creation and adoption of an application security program
  • Provide expertise and guidance to application developers and product management on issues of application security
  • Provide guidance on relevant application security industry standards and practices such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc
  • Own and manage security tools inclusive of (but not limited to) Web Application Firewalls (Imperva, tCell), static code scanners (Veracode, Checkmarx), and a SIEM (LogRhythm)
  • Continuously discover, evaluate, and implement new technologies to maximize security application efficiency
Qualifications for application security analyst
  • 4 year degree in Computer Science, Information Systems or related discipline
  • Experience with multiple programming languages (Java, Android, Objective-C/iOS, COBOL)
  • Bachelor of Science Degree in Computer Science, Management Information Systems or equivalent experience preferred
  • Certification of knowledge (such as OSCP, GWAPT, or equivalent) preferred
  • Understanding of HTTP and web programming is required
  • A basic understanding of common software vulnerabilities / application security concepts
5

Job Description Example
Our growing company is looking to fill the role of application security analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for application security analyst
  • Recommend and coordinate implementation of updates to security assurance policies and standards
  • Coordinate third party vulnerability assessments
  • Recommend and coordinate implementation of secure Software Development Lifecycle (SDLC) process improvements
  • Plan and conduct training on security best practices for application developers, architects and testers
  • Provide input into the security architecture decisions including technical architecture design and vendor management
  • Work with development team and Q/A to create development lifecycle documentation and provide integrated systems planning which will enhance current systems and support corporate, business and system goals
  • Assists Security Analysts, transferring application business and systems knowledge
  • Implement new IDM technologies in lower environment and then make them ready for deployment in higher environment
  • Document the application functional specification and test plan for each application onboarding activity
  • Coordinate with Application team and perform the on-boarding of applications
Qualifications for application security analyst
  • Investigate and implement improvements in automation of security analysis of software components
  • Knowledge of industry standards such as NIST, FISMA, SOC, HIPAA, ISO 27001
  • IT Security Certifications such as
  • Experience with application vulnerability testing tools like, but not limited to, Nessus, Metasploit, Burp, Qualys, Nmap, Kali Linux
  • Application Security Assessment
  • Minimum 3 years of Application security experience with remediation of SQL injection, buffer overflows, parameter manipulation, cross-site scripting
