Apply on Employer Site

ICE · 2 days ago

Analyst, Application Security

Atlanta, GA

Full-time

Onsite

Entry, Mid, Senior Level

Intercontinental Exchange, Inc. is seeking an Application Security Analyst to ensure the security of their applications. The role involves performing code analysis, conducting penetration testing, and collaborating with development teams to establish secure design practices.

E-CommerceFashionJewelryMarketplace

No H1B

U.S. Citizen Only

Responsibilities

Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing

Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS

Secure Design - Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases

Tool Management - Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application’s security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, Web Application Firewall (WAF) and bug bounty programs

Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities

Qualification

SAST toolsDAST toolsApplication SecurityJavaC++.NETCryptographyCheckmarxBurpSuitePythonDeveloper EducationMentoringTeam Collaboration

Required

Ensuring that ICE produces and maintains secure applications

Influencing secure design

Performing code analysis

Identifying vulnerabilities through hands-on penetration testing

Assisting developers in remediation efforts

Communicating findings to developers, QA teams and management

Operating the Application Development Security Lifecycle from design review through automated and hands-on testing

Maintaining and contributing to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS

Working with development teams to establish security requirements early in the SDLC

Contributing security subject matter expertise during the development of new projects and releases

Focusing on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, Web Application Firewall (WAF) and bug bounty programs

Keeping software engineers apprised of secure coding practices

Building strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities

Preferred

Software engineering experience in Java, C++, .NET and/or related languages

Expert at deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in large environments

Experience designing solutions to secure sensitive data and secrets by applying cryptography, proper access control, and utilizing hardware security modules (HSM)

Familiar with blockchain, public/private key management, cryptocurrency, and/or experience securing enterprise implementations

University degree in Computer Science, Engineering, MIS, CIS, or related discipline