The Lead Security Analyst - Applications will be responsible for: implementing, administering, and managing security across all platforms and applications supported by corporate IT; enforcing the security standards across all platforms and applications; and complying with requirements of external security audits & recommendations.
- Ensures secure coding standards; performs code review.
- Advises development team on secure coding practices.
- Analyzes, troubleshoots, and corrects application/platform security related problems.
- Performs analysis of application security tool needs; contributes to design, integration, and installation of hardware / software.
- Modifies and maintains operating system security standards.
- Monitors security system logs (e.g., intrusion detection system and firewall system logs) and reports on discovered anomalies or problems (e.g., insufficient disk space, inappropriate access patterns).
- Assists with application security assessments for potential business partners.
- Keeps fully abreast of trends and changing technologies related to information security fields.
- Conducts violation / vulnerability report review; coordinates IT risk mitigation.
- Investigates IT security violations, known vulnerabilities, and data breaches.
- Performs vulnerability assessments; conducts compliance activities in response to internal and external audits.
- Performs security research & vendor evaluations at the direction of the ITRM Security Architect; assists with testing and implementation of security solutions.
- Maintains / enforces security policies and standards.
- Acts as interface with and liaison to business and IT application owners; ensures applications, infrastructure components, and access are appropriately assessed.
- Assists with application code security scans and remediation of findings.
- Assists IT Security Architect with IT security reviews and signoffs for new systems development projects.
- Executes security incident response procedures in accordance with threat levels.
- Monitors the schedules for upgrading, repairing, modifying, or replacing IT security systems, devices, and applications; monitors eCommerce-related processes and equipment.
- Communicates effectively (both written and verbal).
- Learns new tools and technologies quickly.
- Manages multiple priorities and follows a project plan to meet project deliverables.
5+ years experience in information technology.
Recent direct experience in implementing security for applications, databases, and platforms.
Prior experience securing various operating systems in a corporate environment (i.e., Windows, Unix).
Prior experience evaluating application vulnerabilities and recommending remediation.
Experience working in an organization that provided exposure across multiple IT functional areas (i.e., infrastructure, networking, security, data management, and application development).
Knowledge of common security tools such as content filtering and multi-factor authentication.
Direct experience managing one or more of the following:
- SSL VPN
- Multi-factor authentication solutions
- DLP solutions
- Vulnerability management solutions (including IDP or IDS)
Additional Information: Travel Percentage: 10%