Applications Security Analyst

Job Description

The Application Security Analyst reports directly to the team lead of Vulnerability Management and Applications Security. The role is responsible for identifying vulnerabilities and weaknesses in applications before they go live to reduce company's attack surface and supports the operational teams in the understanding of vulnerabilities. This position is responsible of the proper maintenance, configuration and governance of the solution used for scanning the target applications. This role requires constant communication with the operational teams and other stakeholders, supervision of the processes and making sure that the service quality is delivered with the highest standards. Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 3 years of experience in Applications Security scans, Vulnerability Management or related cyber security experience. Excellent verbal and written communication skills Excellent team player that demonstrates proactiveness Strong analytical and interpersonal communication skills, including the ability to communicate effectively Mandate Skills: Service-related expert knowledge Experienced in designing and implementing secure tests Secure configuration management techniques Knowledge of software quality assurance process Knowledge of secure software deployment methodologies and tools Ability to document technical concise and understandably Experience in the use of Application Security Testing tools Understanding of the attack surface and company security posture Knowledge in log analysis and troubleshooting of issues Advanced knowledge of application related vulnerabilities Cyber security and technical knowledge Experienced in discerning the protection needs (i.e., security controls) of information systems and networks Experienced in estimating specific operational impacts of cybersecurity incidents caused in applications Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) Knowledge of cybersecurity principles and methods that apply to software development Consideration of laws, regulations, policies, and ethics (GDPR, etc.)