Application Security Analyst Job Description
Application Security Analyst Duties & Responsibilities
To write an effective application security analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included application security analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Application Security Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Application Security Analyst
List any licenses or certifications required by the position: CISSP, CEH, GWAPT, CSSLP, SANS, IAT, GIAC, F5, II, GSSP
Education for Application Security Analyst
Typically a job would require a certain level of education.
Employers hiring for the application security analyst job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Education, Information Systems, Engineering, Information Security, Information Technology, Business, Technology, Technical, or Computer Engineering
Skills for Application Security Analyst
Desired skills for application security analyst include:
Desired experience for application security analyst includes:
Application Security Analyst Examples
Application Security Analyst Job Description
- Threat Model – Think like an attacker and make sure that code we are developing is ironclad and ready to stand up to future attacks
- Static Code Analysis – Review, tune, and set policies within our SAST tool set
- Training – Provide training, and knowledge that our development teams need
- Metrics – Create valuable metrics that our program can use to measure our success
- User stories – Provide user stories to development teams from both a security and customer perspective
- Stays up to date on new attacks
- Participates in security audits and security risk assessments
- Assess and communicate security risks to the organization
- Participate in and provide input to the design of user dialog and non-dialog roles, task assignments, role mapping and user provisioning, inclusive of Firefighter design and assignments
- Designing, defining, refining, and documenting business services, processes, job aids, operating procedures, policies, business requirements, technical requirements, business agreements and other artifacts that are understood and accepted by business owners and users of such artifacts
- Requires a minimum of 5 years' experience in software/web application development
- Proficiency in object-oriented software development practices and version-controlled code development
- Proficiency working with SQL and databases such as MySQL and Postgres
- Proficiency working with Tomcat or other J2EE containers
- Experience with consuming REST-based web services and JSON
- 2-3 years of experience using Remedy, HPQC or other ticketing support applications to prioritize and respond to user requests
Application Security Analyst Job Description
- Support managing activities of ethical hacking programs
- Support managing activities of vulnerability assessment program
- Support managing activities of secure code testing program
- Provide support over the application security program of the clients
- Document and follow up action plans
- Identify and manage information security risks
- Have a strong interaction with key areas
- Continue evolution of app security maturity expectations and OC for the enterprise
- Assess application security index ratings
- Create and maintain Access Control Plan
- Support Encryption Committee
- Familiar with common programming languages (e.g. Java, PHP, SQL, Python, Ruby, HTML)
- Provide Level 3 technical support for Identity and Access Management and help implement Single Sign-On
- Write efficient, re-usable, optimal, and well-documented code
- Work with the development team in reviewing design, coding, testing and documenting software programs for systems of moderate to high complexity, and help in peer code reviews
- Analyze business requirements and create software designs for at least one major sub-system
Application Security Analyst Job Description
- Perform web application attack & penetration (A&P) testing to find security issues such as risks, defects and logical errors
- Maintain suitable knowledge of threats, risk assignment, remediation strategies, security tools, testing techniques, and security research
- Interact with different stakeholders and business customers to gather requirements
- Manage and track documents based on the information captured and update the same to different stakeholders
- Participate in architectural reviews and suggest improvements
- Perform root cause analysis and problem management to ensure that correct resolutions are provided for capacity and architectural planning
- Work on DR plans (Author, update and maintain DR plans as per requirement)
- Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures; tips and tricks for Smart Books; and established procedures in Run Books
- Acts as a technical advisor and subject matter expert to internal stakeholders and partners
- Maintains a working knowledge of the security capabilities of modern development languages and application design paradigms
- Minimum of 2 years Application Security experience (SAP and SFDC preferred)
- Knowledge of access provisioning and de-provisioning, role administration, CUA implementation/support and licensing controls
- Experience with implementation of SOX and FDA audit controls
- Experience with securing SAP systems including but not limited to ECC, GRC, Solution Manager, Fiori preferred
- 3+ years of progressive experience in .NET application development, with hands-on experience implementing application security controls such as authentication/authorization, access control, and web.config encryption options
- Knowledge of application security best practices and the OWASP Top 10 application security risks, such as SQL injection and XSS
Application Security Analyst Job Description
- Create policies, documentation and set direction for use of Web Application Firewall and technologies used to protect and defend against web threats
- Manage incidents and work with appropriate teams to help resolve issues related to the Web Application Firewall
- Serve as an application security subject matter expert, providing multi-disciplinary knowledge, skills, and experience in application whitelisting (application control)
- Design, analyze, deliver and enforce application whitelisting controls throughout the security deployment lifecycle utilizing existing standards and guidelines that support using application whitelisting technologies
- Consult on current and upcoming projects covering all levels of application whitelisting
- Help define, develop, and drive the creation and adoption of an application security program
- Provide expertise and guidance to application developers and product management on issues of application security
- Provide guidance on relevant application security industry standards and practices such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc
- Own and manage security tools inclusive of (but not limited to) Web Application Firewalls (Imperva, tCell), static code scanners (Veracode, Checkmarx), and a SIEM (LogRhythm)
- Continuously discover, evaluate, and implement new technologies to maximize application security efficiency
- 4 year degree in Computer Science, Information Systems or related discipline
- Experience with multiple programming languages (Java, Android, Objective-C/iOS, COBOL)
- Bachelor of Science Degree in Computer Science, Management Information Systems or equivalent experience preferred
- Certification of knowledge (such as OSCP, GWAPT, or equivalent) preferred
- Understanding of HTTP and web programming is required
- A basic understanding of common software vulnerabilities / application security concepts
Application Security Analyst Job Description
- Recommend and coordinate implementation of updates to security assurance policies and standards
- Coordinate third party vulnerability assessments
- Recommend and coordinate implementation of secure Software Development Lifecycle (SDLC) process improvements
- Plan and conduct training on security best practices for application developers, architects and testers
- Provide input into the security architecture decisions including technical architecture design and vendor management
- Work with the development team and QA to create development lifecycle documentation, and provide integrated systems planning that enhances current systems and supports corporate, business and system goals
- Assist Security Analysts by transferring application business and systems knowledge
- Implement new IDM technologies in lower environments and then make them ready for deployment in higher environments
- Document the application functional specification and test plan for each application onboarding activity
- Coordinate with the application team and perform the onboarding of applications
- Investigate and implement improvements in automation of security analysis of software components
- Knowledge of industry standards such as NIST, FISMA, SOC, HIPAA, ISO 27001
- IT Security Certifications such as
- Experience with application vulnerability testing tools such as (but not limited to) Nessus, Metasploit, Burp, Qualys, Nmap, Kali Linux
- Application Security Assessment
- Minimum 3 years of application security experience with remediation of SQL injection, buffer overflows, parameter manipulation, and cross-site scripting