B&H Photo Video

Application Security Analyst

On site

New York City, United States

$111,000/year

Junior

Full Time

03-12-2025

Skills

Communication, JavaScript, Penetration Testing, Firewalls, Cloud Security, DevOps, Research, Training, Effective Communication, Risk Assessment, Software Development

Job Specifications

Job Overview:

The Application Security Analyst is responsible for protecting applications and data by integrating secure development policies, processes and tools into the software development and operational lifecycle.

The AppSec Analyst influences business, development, and operations teams to ensure applications are developed and deployed securely. When vulnerabilities are found by security tools or external actors, the AppSec Analyst ensures fixes and mitigations are deployed with a reasoned risk vs benefit analysis.

Essential Responsibilities:

Influence development teams to properly secure their applications and data
Evaluate, deploy, and operate security processes and tools including training, threat modeling, code reviews and static scanning, open source analysis, pixel and JavaScript analysis, dynamic scanning, crowd sourced and traditional penetration testing, application firewalls, etc.
Assist developers with vulnerability remediation efforts based on risk vs benefit analysis
Recreate attack vectors to demonstrate risk and determine appropriate fix
Write and adapt secure coding requirements, policies, procedures, and controls
Maintain documentation of application security tools, policies, and procedures
Stay current on emerging application security threats and security trends

Additional Responsibilities:

Research and recommend new security controls, tools, processes, and technologies
Respond to security incidents and breaches according to established protocols
Support project teams in implementing secure solutions
Develop, collect, and report on AppSec metrics

Specific Knowledge, Skills, and Abilities:

2-5 years of coding experience in an enterprise, especially in DevOps and DevSecOps environments
OWASP Top 10, SANS Top 25
2-5 years of experience in information security or related IT roles
Effective communication skills to demonstrate, in technical detail, vulnerabilities and exploits that are not readily apparent
Effective communication skills to explain these concepts to non-technical stakeholders

Preferred Education, Experience and Licenses:

Industry certifications such as CSSLP and CISSP
Familiarity with risk assessment methodologies
Familiarity with AI security principles and technologies
Familiarity with cloud security principles and technologies

About the Company

B&H is proud to have been named by Forbes as one of America's Best Mid-Size Employers in 2018. View a list of our open jobs at www.bhphoto.com/careers. B&H is world renowned as the place to be for all your photo, video, pro audio and digital imaging needs. In 50 years of existence, B&H has established itself as both a Super Store located in the heart of New York City as well as an on-line resource that caters to photo and video enthusiasts -- professional and amateur alike. Long known as "The Professional Source", consumers ...