The successful candidate will aid in the administration of the application security testing schedule across multiple vendors, conduct troubleshooting activities and coordination tasks during testing, and assist with the validation and review of results with application development teams.
- Work with business partners to schedule ad hoc application security assessments and re-tests
- Work with application owners to schedule annual application security assessments and re-tests
- Collaborate with stakeholders across the organization to ensure security findings are classified, documented, remediated, and managed appropriately
- Assist with validation and review of test results with application development teams
- Assist with tracking application development team vulnerability remediation timelines and progress across high, medium, and low risk findings
- Produce ad hoc application security vulnerability metric reports
- Conduct problem solving and troubleshooting activities during security testing
- Assist with pre-assessment activities such as test scoping, IP address whitelisting, change requests, test account acquisition & validation, and other activities
- Other application security related tasks that may be assigned
The following is a summary of key skills required for the AppSec Analyst position in support of the Risk Management Application Security Program:
- 3+ years of relevant work experience, preferably working on a cross-functional team in an outsourced environment, managing resources, priorities, and schedules.
- Experience interacting with developers, business analysts, and other team members to identify, report and troubleshoot security defects in a detailed, efficient, and timely manner
- Effective communication and presentation skills; ability to adjust to technical and non-technical audiences.
- Strong analytical skills and ability to find creative solutions to complex SDLC problems
- Knowledge of and familiarity with standard Software Development Lifecycle (SDLC) methodologies
- Experience working with a Managed Application Security Provider
- Experience using, configuring, and administering dynamic and static software testing toolsets such as Veracode, Burp Proxy, Wireshark, Fiddler
- Technical experience working with common code review methods and standards, including OWASP Top Ten Risks, open source tools, and methodologies.
- Knowledge of common security requirements within .NET, PHP, Java (Android), Objective C and Swift (iOS) applications
- Familiarity with Adobe Experience Manager (AEM)
- Familiarity with the Magento eCommerce Platform
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.