Amplify Insight is harnessing the power of data and coaching to raise the level of performance of districts, teachers and students. Insight provides districts and states across the country with educational assessment and analytic solutions that measure student learning and drive personalized instruction. By making data actionable in real time, our Insight products and services help teachers and administrators assess student progress, adapt to student needs and accelerate student learning.
The Senior Application Security Analyst will be responsible for integrating security into the development of exciting new application platforms at Amplify. The individual will be embedded in the product development team with a dotted-line reporting relationship to the Chief Information Security Officer. The Senior Application Security Analyst will work closely with the product development team to threat model the early architecture and identify required control points in the application. The Senior Application Security Analyst will also work closely with developers to diagnose, document, and remediate application security vulnerabilities.
Responsibilities of Senior Application Security Analyst:
- Conduct threat modeling of large-scale mobile application platform
- Proactively work with teams to identify required control points in mobile applications
- Perform mobile application security assessments, code reviews, and application penetration tests
- Use automated and manual code review techniques to identify application security vulnerabilities
- Lead code reviews across a variety of languages and technical platforms
- Document vulnerabilities and work with developers on vulnerability mitigation
- Bachelor degree in computer science or related discipline, or equivalent.
- 3+ years’ experience threat-modeling and code reviewing complex applications
- Solid experience with code audit vulnerability testing and threat modeling
- Demonstrated expertise in Java and expertise in both server-side and client-side security issues.
- Experience working with common application security tools such as Fortify, WebInspect, etc.
- Experience conducting penetration tests
- Ability to evaluate technical specifications and identify, document, and explain security vulnerabilities, threats, and risks
- Security certifications such as CISSP or SANS GIAC a plus
- Knowledge of secure development techniques including the OWASP Top 10
- Strong written and verbal communication skills and the ability to interact well with different levels within the organization