The Application Security Analyst will be responsible for providing application security expertise and supporting secure coding practices throughout the NBCUniversal enterprise. This position will be responsible for accomplishing the auditing and testing of secure coding and design standards for all applications across the NBCUniversal family of companies. Additionally, this position will be responsible for supporting and assisting management of a supplier security risk assurance program.
• Work with application teams enterprise-wide to detect, prioritize, and remediate security defects throughout the SDLC process. Strive to develop a security mindset throughout the full SDLC from concept to testing and implementation.
• Serve as Liaison between Program Teams and security review service partners to submit, review and assist in remediation of applications.
• Perform internal application security assessments as needed. This may involve threat modeling, security design reviews, high level application penetration testing, and security issue remediation verification.
• Support development of an effective system to collect and report meaningful metrics from security issues identified in all reviews.
• Support the conduct of hands on technical security awareness training for software architects and development groups.
• Work with other members of the Information Security Team to design a standard Supplier Security Assurance process for use throughout NBCUniversal.
• Assist in performance of supplier security risk assessments to identify security issues and provide recommendations for improving supplier security controls.
• Work with other team members on any initiatives as appropriate.
• Degree in Computer Science or equivalent field of study
• Minimum 3 years’ experience working with end-to-end SDLC process
• Minimum 3 years’ experience working with infrastructure architecture.
• Minimum 3 years’ experience of application development, design, architecture and/or testing.
• Minimum 3 years’ experience working with recognized IT Security-related standards and technologies.
• Minimum 2 years’ experience in large global environments spanning multiple time-zones.
• Training in Information Security-specific disciplines
• Prior experience performing application penetration testing or black box reviews.
Apply to job
Save to cart