Phoenix Recruitment · 14 hours ago
Application Security Analyst
Maximize your interview chances
IT System Custom Software Development
Insider Connection @Phoenix Recruitment
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Manage the division-level application security program.
Manage security posture for existing divisional applications and establish a prioritized backlog of projects to ensure policy compliance.
Work with divisional business, IS&T team members, and technical stakeholders to ensure new projects/applications conform to the Wier application security policy.
Act as a Divisional single point of contact for applications security and secure development program.
Ensure advice provided is of a high standard and based on the latest best practices, supported by Security Leadership and weighing the cost and risk tolerance of the organization.
Assess changes for technical vulnerabilities, and threat models, assess security risk exposure, and identify appropriate controls to bring the risk within tolerance.
Deliver risk assessment reports, threat modeling, and risk treatment recommendations in a timely and repeatable manner.
Contribute to, and maintain, an effective risk management mechanism to ensure that system owners have an accurate and current view of information risk exposure.
Work with SecOps and help them to build use cases to identify, and detect vulnerabilities, logging and monitoring, threat intelligence, and incident response.
Manage Applications security Patching Program.
Keep track of all divisional applications' security and their security patching version vs status.
Coordinating security patch updates with application admins/owners to ensure applications are up-to-date.
Work closely with all areas of Security to provide continuous improvement of the advice provided from knowledge gained from analyzing and resolving information security incidents that can be used to reduce the likelihood and/or impact of future incidents.
Work closely with specialists in Security Operations to build operational use cases for detection and response capabilities by ensuring Logging and Monitoring, Incident Response, and Threat Intelligence are all considered and included in security requirements, are implemented, tested, and validated by the business change delivery owner.
Demonstrate 100% commitment to our zero-harm behaviors in support of our drive toward developing a world-class safety culture.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
1+ years of experience
Understanding of Cloud migration and Application Security development lifecycle and DevSecOps principles, automation, and familiarity with security architecture modeling
Knowledge and experience securing Azure and/or AWS
Knowledge and experience using at least one risk methodology
Security Software as a Service implementations
Strong stakeholder management and communication skills and a proven track record of working with businesses to meet strategic objectives
Any equivalent combination of education and experience will be considered for candidates who can perform the objectives above.
Preferred
Experience in threat modeling, risk/organization.
Patching Program: Manage Applications security Patching Program. Keep track of all divisional applications' security and their security patching version vs status. Coordinating security patch updates with application admins/owners to ensure applications are up-to-date.
Continuous Improvement: Work closely with all areas of Security to provide continuous improvement of the advice provided from knowledge gained from analyzing and resolving information security incidents that can be used to reduce the likelihood and/or impact of future incidents.
Compliance & Testing: Work closely with specialists in Security Operations to build operational use cases for detection and response capabilities by ensuring Logging and Monitoring, Incident Response, and Threat Intelligence are all considered and included in security requirements, are implemented, tested, and validated by the business change delivery owner.
Safety First: Demonstrate 100% commitment to our zero-harm behaviors in support of our drive toward developing a world-class safety culture.
Experience in agile and waterfall delivery environments
Recognized security professional qualifications (e.g CISSP, CCSP, CISMP)
Cloud-specific qualifications (e.g – CSA CCSK, CCSP, AZ-900)
Company
Phoenix Recruitment
Phoenix Recruitment is a leading staffing and recruitment firm that helps companies of all sizes find the best possible talent.
Funding
Current Stage
Early StageCompany data provided by crunchbase