G-TECH Services, Inc. Senior Application Security Analyst in Southfield, Michigan
Outcomes & Activities:
· Perform application security assessments for new and existing applications
· Document and report application vulnerabilities and suggest mitigations
· Develop and manage a repeatable secure development process
· Analyze industry security threats and develop strategies to detect and mitigate
· Possess the ability to discuss and present technical solutions to all levels of the business
· Continuous Improvement/Innovation: Identifies, recommends and advocates for improvement opportunities for existing standards, policies and processes.
· Value Assessment: Prioritizes and identifies more critical and less critical activities and tasks; adjusts priorities as appropriate.
· Active Listening: Understands what is being said and the context in which it is being said.
· Collaboration/Customer Focus: Treats everyone like a customer and collaborates with them to clarify and achieve objectives.
· Verbal Communication: Speaks in a clear, concise, organized, and effective manner for the intended audience.
· Written Communication: Writes in a clear, concise, organized, and effective manner for the intended audience.
· Accountability/Ownership: Takes responsibility for delivering the work product.
· Escalation: Recognizes areas of risk and escalates through the correct channels in a timely manner.
· Time Management: Effectively manages time and resources to ensure that work is completed efficiently.
· Critical Thinking: Understands complex information coming from different sources to evaluate, reconcile conflicts and determine the best possible outcomes.
· Impact Analysis: Understands the rationale behind changes and how they impact the enterprise and/or applications and across the technical ecosystem.
· Solution Design: Ability to translate high-level requirements to create and implement designs that are technically sound, maintainable, cost-effective and meet the needs of the customer.
· Technical Domain: Has an understanding of the technical domain including application architecture, design and data.
· Bachelor’s degree or equivalent in Computer Science, Information Technology or closely related field of study
· Minimum of 5 years in a position in Information Technology
· Minimum 3 years in Information Security
· Strong knowledge of application security testing (SAST and DAST) and DevOps tools
· Excellent knowledge in application development and security analysis
· Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting
· Familiarity with Sarbanes-Oxley, GLBA, ISO 27001, HIPAA
· Experience with project management, and enterprise-level deployments & upgrades
· Ability to lead development group discussions on vulnerability mitigation, good coding practices, and security risks
Participate in an on-call (24x7) rotation
Function Information Technology
Req ID JN -082020-114543