Senior Application Security Analyst

Location: Manhattan, New York Salary: Negotiable
Sector: Banking and Finance, IT Type: Permanent

Senior Application security Analyst opportunity to contribute to the secure SDLC program and application security architecture. This role would be working on a team of a Global Investment Management Firm in NYC responsible for the development, enforcement, and monitoring of security controls, policies and procedures, disaster recovery, and GRC. This role allows the ability to work independently with minimal oversight.

Responsibilities Include:

  • SME for best practices and security controls for application security
  • Identify and perform functional requirement reviews and technical design reviews
  • Manage the application vulnerability assessment process and tools (SAST and DAST) focused on client-server, web, and mobile applications
  • Providing reports to development management and business management
  • Balance risk by aligning policies and procedures with business and regulatory requirements
  • Provide detailed explanations to application developers about vulnerability findings
  • Report key vulnerability remediation metrics and dashboards to management.
  • Analyze information security systems/applications; make recommendations and develop security to protect information
  • Work with developers implementing application security practices and controls

Required Experience:

  • Bachelor's degree in a technical or business discipline
  • CISSP, GIAC, CISA, CISM, TOGAF certifications preferable
  • 4+ years of experience in information security or a related field, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
  • Experience with Application Security Testing (SAST & DAST) tools, and enterprise architecture tools
  • A broad understanding of Cybersecurity and application development practices
  • A deep understanding of application vulnerabilities, OWASP Top 10 and SANS Top 25 vulnerabilities
  • Strong experience with data visualization concepts and tools
  • Veracode (or other SAST/DAST tools), Jira, ServiceNow, and Splunk experience is preferable

Sthree US is acting as an Employment Agency in relation to this vacancy.