The Application Security Analyst will be responsible for supporting application security services under Threat and Vulnerability Management (TVM).
This position will be responsible for injecting security requirements into the System Development Life Cycle (SDLC) and ensuring that security requirements are considered and built into development projects according to policies and standards.
The security analyst will also be responsible for maintaining existing TVM services by utilizing security tools for web application security testing and vulnerability remediation assistance.
Finally, the Application Security Analyst will also support vulnerability response by responding to various security vulnerabilities affecting Emerson: identifying the vulnerability, determining the scope, impact and course of action to remediate, and assisting with Enterprise communication.
PRINCIPAL FUNCTIONAL RESPONSIBILITIES
Support reviewing and enforcing security requirements with projects and the System Development Lifecycle (SDLC).
Manage, coordinate and execute web application security testing utilizing existing Dynamic Application Security Testing (DAST) tools.
Manage and drive remediation of perimeter security findings and vulnerabilities utilizing tools such as Bitsight and SecurityScorecard to maintain a superior digital hygiene score.
Assist with vulnerability response by performing analysis, determining Enterprise scope, impact and remediation of identified ad hoc vulnerabilities.
Assist in the continuous development and improvement of methodologies and processes for TVM service components.
Develop and provide vulnerability reporting to customers and assist in remediation.
Review and maintain service documentation.
EXPERIENCE / SKILLS
1+ years’ experience in supporting application security testing
Excellent organizational, analytical, verbal and written communication skills are essential
Strong customer service skills
Ability to rapidly grasp and apply new concepts and technologies
Intermediate networking knowledge
Intermediate knowledge of Web, Mobile and vulnerability scanning technology
Working knowledge of software vulnerabilities (e.g., SQL Injection, XSS, buffer overflows)
Working knowledge of scripting languages (e.g., PowerShell, Python)
Strong self-tasking skills
Experienced in Network, Web and Mobile vulnerabilities, ethical hacking, as well as familiarity with Web and Mobile application technology implementation and software.
Familiarity with enterprise vulnerability scanners
EDUCATION / LANGUAGE
A Bachelor’s degree in Computer Science or related field, required
General knowledge of software design and engineering processes
Certified Ethical Hacker (CEH), preferred
Other security certifications: Systems Security Certified Practitioner (SSCP), preferred
Fluent in English