PLEASE NOTE: Qualified candidates who are not located near a Sallie Mae office and who have the ability to work remotely from a home office are encouraged to apply.
The Web Application Security Analyst is responsible for providing application security evaluation and assessment services for all Sallie Mae computer systems, applications, platforms and mobile devices used in the organization, along with vendor-supplied or outsourced code. The Web Application Security Analyst conducts detailed application security reviews, research, and analysis to identify and resolve application security issues, focusing mainly on web and mobile applications. The Web Application Security Analyst often provides assessment services and support for large-scale project initiatives, new vendor code integration and major system implementations. The Web Application Security Analyst helps grow and maintain the application security program. The individual will utilize investigative, analytic, and vulnerability analysis skills to help identify application security issues for users, clients and technical support staff. Information Security Analysts may also administer and help support Information Security management programs and initiatives related to application security, such as developer and QA training. This position will also perform routine analysis of application security controls, conduct assessments and run ad hoc reports to help maintain the integrity of Sallie Mae's security systems. Application security skills, specifically static and dynamic analysis, proven technical ability, analytical thinking, organization, self-motivation, enthusiasm, flexibility, good communication skills, and a customer-service-focused attitude are highly desired.
- Produce threat models for mobile and web applications.
- Effectively communicate with senior executives concerning risk and risk mitigation strategies.
- Review 3rd-party developed code before it is integrated with the company's website.
- Interact with marketing, sales, channel partners and business partners directly as needed to assist them in understanding security flaws reported and providing remediation strategies.
- Augment the Security Architecture group as needed to assist with design review and architecture development.
- Participate in internal RFP review, Design Review, QA and User Acceptance Testing.
- Train developers and QA personnel in Application Security.
- 5-8 years as an Application Developer on one or more of the above platforms and a desire to make a career shift into security
- Familiarity with mobile applications, Objective C and Xcode, and iOS and Android mobile devices
- Static and dynamic security analysis, fuzzing
- Automated web application vulnerability scanning
- Strong analytical, organizational, and technical writing skills
- Self-motivated, results-driven, and able to work effectively in a team/operations environment
- Excellent report writing skills
- Familiarity with other modern programming languages and frameworks
Navient - 2 years ago