Application Security Specialist Job Description
Application Security Specialist Duties & Responsibilities
To write an effective application security specialist job description, begin by listing detailed duties, responsibilities and expectations. We have included application security specialist job description templates that you can modify and use.
Sample responsibilities for this position include:
Application Security Specialist Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Application Security Specialist
List any licenses or certifications required by the position: CISSP, CEH, CSSLP, PKI, TLS/SSL, GXPN, GPEN, GWAPT, OSCP, AJAX
Education for Application Security Specialist
Typically a job would require a certain level of education.
Employers hiring for the application security specialist job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Systems, Technical, Information Technology, Education, Information Security, Engineering, Technology, Computer Engineering, Financial Services.
Skills for Application Security Specialist
Desired skills for application security specialist include:
Desired experience for application security specialist includes:
Application Security Specialist Examples
Application Security Specialist Job Description
- Creating an RFP for selecting a service provider for application security
- Analyzing application security products from various vendors
- Additional responsibilities will include hardware/software lifecycle management, problem determination and resolution, software configuration and new report generation
- Update/maintain all necessary documentation
- Timely communication with management and personnel regarding Support Request statuses
- Participate in tool selection discussions and perform POCs
- Responsibility over PeopleSoft security solution design, development, deployment/cutover, and implementation - covering all security aspects of the PeopleSoft implementation lifecycle
- Assess PeopleSoft security requirements and provide recommendations for the program
- Work with project work streams to design, implement and maintain security structures for the IPPS-A PeopleSoft application
- Routinely audit security in all PeopleSoft environments, ensuring that all users are appropriately provisioned for their work function
- Have CISSP (Certified Information Systems Security Professional) certification or working toward CISSP certification
- Permanent right to work in US
- Experience with DoD or Federal compliance testing methodologies
- Experience with reviewing, understanding and assessing DoD Cybersecurity requirements related to software security
- Basic familiarity with various operating systems, databases, application servers and common threat mitigation technologies
- Have intermediate software development experience in object oriented programming languages
Application Security Specialist Job Description
- Analyze and resolve security and access problems in the IPPS-A PeopleSoft environments
- Write and maintain documentation related to security design, implementation and practices
- Perform Threat Modeling, identify application threats/vulnerabilities and recommend mitigation strategies
- Assist teams in mitigation of vulnerability and static/dynamic scan results (from tools such as Nessus, Fortify, WhiteHat, Coverity)
- Assist teams implementing automated DevOps/DevSecOps tools for secure Continuous Integration / Continuous Deployment (CI/CD)
- Advise clients on scanning customer source code, auditing results with development and/or security teams and offering plans for remediation of vulnerabilities
- Provide insight on industry standard static code analysis products, such as HP Fortify and IBM AppScan Source and Enterprise, onsite for customers
- Finance & Reliability
- Resolve tier II user security issues by working with SAP, related applications, SDM, and other Identity Management tools
- Update system data to support role and user administration processes
- Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand
- 2 years’ experience with Linux AND/OR Windows OS
- 7-9 years of overall technical experience in system design, project development and production support of large applications/systems
- Knowledge of PeopleSoft Security Administration in a PeopleSoft 9.1 or above environment to include People Tools, Role grant functions, Workflow, PeopleSoft Security configurations, Query Security, User Preferences, Row Level Security, Component Security
- Advanced knowledge of operating system and database security (Windows, Unix, Linux, SQL, and Oracle)
- Experience deploying static/dynamic analysis tools (Nessus, Fortify, WhiteHat, Coverity)
Application Security Specialist Job Description
- Assist teammates in support of internal and cross-functional projects
- Implement security solutions given instructions and business requirements
- Lock and unlock users in support of business and IT projects
- Build functional specifications and work with SAP development to build read-only functionality
- Validate and test functionality introduced by custom development, support packs, or upgrades
- Participate in the team’s on-call support rotation
- Assist with internal and external audits, user reviews, and other compliance activities
- Identify and implement improvements to processes and procedures
- Follow defined processes and procedures for each of the above responsibilities
- Evaluate security application standards and patterns which drive key information security processes
- To suit this position you have excellent interpersonal and team working skills
- Experience implementing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation)
- Experience with Amazon Web Services (AWS) and Microsoft Azure security a definite plus
- Engineering / software development background with a “relentless automation” and devops mindset a definite plus
- 8+ years IT leadership experience in information security and privacy
- CISSP certification is highly desired
Application Security Specialist Job Description
- Develop and implement continuous service improvements to Application Security Management program
- Deliver next-generation application security controls, socializing them with application teams to ensure strong adoption and resolving technical barriers with tools and processes
- Provide secure code programming guidance that is built on industry and academic best practices
- Update library of information security documentation with application standards, work instructions and training materials
- Develop communication plans for the enterprise security application function by partnering with business and enterprise architects
- Create PowerShell and Python scripts to automate tasks for the larger Global Information Security Team
- Analyzing RFP results and presenting to stakeholders
- Coordinate vendor product demonstrations and presentations
- Conducting pilot or POC with selected vendors for threat modelling, architecture reviews, code scanning and penetration testing
- Collaborating with cross functional teams and getting their buy in
- Secure software development lifecycle experience and adherence to industry benchmarks (OWASP top 10, SANS top 25, MS SDL)
- Experience in implementing dynamic and secure web services
- Understanding of multiple development processes and practices such as Agile/Scrum
- A bachelor's or master's degree in computer science, information security or other related field
- BS/BA degree or an equivalent combination of education and experience required
- Strong knowledge of RSA Archer GRC a plus
Application Security Specialist Job Description
- Ability to manually validate scan results to remove false positives and redundant or duplicate data, and to test for additional classes of vulnerabilities that scanners can’t report, is a plus
- Meet with application, engineering, server and network teams to discuss vulnerability remediation
- Respond to telephone, ticket and e-mail requests in a professional, efficient and customer-centric manner
- Perform various programming and technical project / administrative related activities on the security applications
- Ensure report requests and account creations receive required approvals and documentation prior to creation
- Mentoring or guiding PSAS I coworkers
- Define an annual plan for end-to-end systems review and oversee its execution
- Develop, embed and oversee secure development lifecycle practices globally
- Develop and maintain the secure coding and testing standards and guidelines
- Undertake application end to end security risk reviews of business critical applications and infrastructure
- Must have experience with Penetration Testing
- Communication / Reporting (Reporting done via standardized language but may need to be customized)
- Technical Communication - Communicate Web Application vulnerabilities to project teams and development teams
- Dynamic Analysis
- Perform threat modelling, security testing (manual, automated), source code review (manual, automated), and penetration testing to assist in development projects for applications, new and old
- We are looking for a self-motivated person who is flexible and adaptive to a very busy work environment