Application Security Analyst

JOB ROLE

Responsible to implement & proactively monitor Organizations applications and security solutions posture by ensuring periodic security assessments and managing vulnerabilities through remediation.

This position requires a strong understanding of security threats, vulnerabilities, and risk management to ensure the security of applications and systems.

KEY RESPONSIBILITIES

• Attack Surface Management - Monitor the vulnerabilities reported for Organization and Vendors on Attack Surface Monitoring Tool. Analyze report and follow up with respective stakeholders and vendors till closure.
• Breach Attack Simulation - Perform periodic assessment on the security solution through BAS for ensuring better security posture. Analysis of simulation reports, prioritize the findings and closure of the same.
• Web Application Scanning - Ensure all public facing or Internet applications are being scanned regularly through Web Application Scanner Tool. Review and fine-tune the false positive vulnerabilities post analysis. Report the vulnerabilities with stakeholders, follow up till closure.
• VAPT - Conduct manual application security assessment on the applications and APIs. Review all the vulnerabilities reported in Calendar VAPT assessment. Conduct the meeting with application stakeholders to discuss and conclude the closure confirmation with timelines on all the reported vulnerabilities.
• Red Teaming Assessment - Engage in Red Teaming assessment to provide all the necessary details required to carry out smooth assessment. Review all the findings reported in Red Team assessment. Discuss and fine-tune the severity of the findings basis the current security posture and compensatory controls. Share the final findings with respective stakeholders, follow up till closure. Escalate in case of timelines breached.
• BitSight Monitoring and Security Scorecard - Responsible for maintaining good security score. Identify the findings that impacting overall score of the organization, review and prioritize the closure to improve the score.
• Track and monitor all the vulnerabilities reported in the mentioned security solutions in the master tracker and review with CISO on periodic basis. Escalate in case of breached timelines.
• Good Knowledge on SSL Certificate, DNS Security and Certificate Lifecycle Management.
• Communicate to business units and cross-functional teams regarding significant third-party information security events and escalate to senior management, when applicable.

MANDATORY SKILLS REQUIRED

• Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
• Breach Attach Simulation Execution and gap remediation along with MITRE ATT&CK mapping and threat modelling
• Should have good knowledge in OWASP Top 10 for Web Application Security
• Excellent Soft skills: Ability to communicate with stakeholders, presentation of both technical and non-technical findings. Should be collaborative and quick learner.
• Should have understanding of secure network architecture, segmentation and defence in depth.
• Should have understanding of designing and implementing security controls across systems, networks and applications.
• Should have ability to analyze complex security issues and clearly communicate them to non-technical stakeholders along with remediation.
• Preferred certifications: CEH, CISM, CCSP, or equivalent to Security Solutions viz. ASM, BAS, WAF, etc.