Job Summary:
The Associate Application Security Engineer is responsible for ensuring the security of the organization's business applications, including code scanning (SAST/SCA/DAST), web-application firewall, API security and/or penetration testing validation. The individual will work closely with application development and production support teams to coordinate risk assessment, vulnerability analysis and remediation for the business. This individual will also need to educate and assist application teams in adopting secure development best practices. The Associate Application Security Engineer will help define and drive the implementation of these capabilities and work to integrate application security processes within the SDLC and CI/CD processes.
The ideal candidate will be a current Associate Application Security Engineer or college graduate looking for a new challenge in a fully remote position, or a Developer who has a demonstrated passion and skillset for information security and is looking to change roles.
Principal Responsibilities and Essential Duties:
- Application of secure code practices. Ensuring compliance with secure coding practices. Ensuring products and services are scanned for defects and security issues. Ensuring those defects and security issues are resolved. Coordination with IT, DevOps, Software Engineering and Development teams on remediating defects that are related to security issues.
- Training Developers on secure code practices. Ensuring the SDLC includes secure coding methodology. Ensuring that the user community understands and adheres to necessary procedures to maintain security.
- Performs root cause analysis of application security issues and provides recommendations to stakeholders on the best course of action to remedy the problem.
- Performs ongoing application security reviews to ensure compliance with internal security standards and regulatory requirements.
- Assist in responses to external audits, penetration tests and vulnerability assessments.
- Completion of process documentation and completion of support tickets.
- Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
- Interview, develop, coach, lead and retain top-tier talent, with a focus on building and improving a team and culture that is able to assist in employing best in class practices to support and drive high levels of internal and external customer satisfaction.
- Complete all responsibilities as outlined on annual Performance Plan.
- Complete all special projects and other duties as assigned.
- Must be able to perform duties with or without reasonable accommodation.
- This job description is intended to describe the general nature and level of work being performed and is not to be construed as an exhaustive list of responsibilities, duties and skills required. This job description does not constitute an employment agreement and is subject to change as the needs of Cotiviti and requirements of the job change.
Requirements:
- Demonstrated passion for information security and application security.
- Basic understanding of SDLC & IT operations.
- 2-3 years in application security with hands-on exposure to vulnerability scanning tools or open source InfoSec tools, or an industry standard platform like Veracode, Rapid7, Burp Suite and/or Fortify.
- Understanding of project management and ability to track and report progress against established milestones, metrics, and deliverables.
- Strong written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
- Aptitude for problem solving. Self-starter, team player, personable, enthusiastic, hardworking, and enjoys interfacing with external and internal customers on a day-to-day basis.
- BS degree in Cyber Security/Computer Science/Computer Programming.
Skills which would be a plus for consideration:
- Hands-on experience administering a variety of secure code platforms with proven ability to run static and dynamic application security tests (SAST and DAST).
- Vulnerability management and remediation experience.
- Experience with agile development methodologies (Scrum, Kanban, sprint iterative).
- Security or IT certification (CompTIA Security+ or equivalent).
- Development or coding skills. Experience in Java and/or .NET platforms.
Physical Requirements: