JOB FUNCTION / PURPOSE: The CyberSecurity Application Analyst will perform application security assessments and Software Development Lifecycle (SDLC) consulting, review code scans, and follow procedures to mitigate vulnerabilities. The Analyst will work with the programming staff as an independent resource to help ensure adherence to application security best practices, such as OWASP. The Analyst will coordinate periodic application vulnerability scans against existing and new code, and will work with affected teams to achieve remediation of risk. The Analyst will help promote a risk-based culture that securely enables the business in alignment with the Bank’s strategic goals.
PRINCIPAL ACTIVITIES / OBJECTIVES:
* Reviews code scans created by the scanning software
* Evaluates and ensures security vulnerabilities are remediated
* Ensures periodic scanning of software occurs and is documented
* Performs assessments of SDLC processes
* Prepares documentation for policies and procedures
* Communicates task status to supervisor
* Trains programming staff on best practice application security, including OWASP standards
* Assists in risk assessment of application coding
* Serves as part of an SDLC committee to review coding, risk, and change control processes
* Stays up to date on the latest vulnerabilities and exploits in an ever-changing cyber threat landscape
* Prioritizes project and production tasks with vulnerability findings using a risk-based approach
* Develops and tracks ongoing application security metrics
QUALIFICATIONS:
* Associate’s degree in information systems, information technology, or other computer-related program; or equivalent experience
* Minimum two years of software development experience required
* Knowledge of OWASP tools and methodologies
* Knowledge of common SDLC practices
* Understanding of and familiarity with common code review methods and standards
* Experience with high-level programming languages (e.g. Java, .NET C#)
* Must possess strong analytical skills
* Cyber Security training or experience preferred
* Ability to work in teams and independently
* Strong technical documentation skills
* Some project management skills
* Willing to engage in ongoing cyber and application security related training