Application Security Analyst Lead

As an Application Security Analyst, you will be responsible for performing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications. You will utilize Gitlab Ultimate and other relevant security tools while continuously managing vulnerabilities through identification, classification, prioritization, and effective mitigation. It is essential to be familiar with OWASP methodologies and integrate them into security practices. Collaborating closely with product development teams, you will ensure secure coding practices are followed and educate application developers on application security to raise awareness and establish a Security Champion program. Additionally, you may have the opportunity to utilize the Software Assurance Maturity Model (SAMM) to evaluate and enhance the security of software development processes. Knowledge of threat modeling for applications and the ability to identify potential threats and recommend suitable mitigation strategies are beneficial. Providing expert advice on selecting and implementing appropriate security software tools is also part of the role. In terms of skills, proficiency in programming languages such as Java is mandatory, along with knowledge of security technologies, application design and coding practices, remediation techniques, and secure coding standards. Familiarity with Python, C++, or other commonly used languages in application development is a plus. Proficiency with operating systems like MACOS, Windows, and Linux is advantageous, as well as understanding Full Stack development processes and protection mechanisms. Knowledge of patch management, firewalls, antivirus, and IDPS concepts is also desired. To be successful in this role, you should have 7-10 years of Application Security Experience and a Bachelor's degree in computer science, Information Technology, or a related field, or equivalent experience. Proven experience as an Application Security Analyst or similar role is required, along with exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills are essential, and possessing relevant certifications like CISSP, CSSLP, GWAPT, or GWEB would be advantageous. This is a full-time, permanent position that requires in-person work. If you have a total of 7 years of work experience and are experienced in Devsec Ops, we encourage you to apply for this challenging and rewarding role.,