Information Security Analyst

Website PowerSchool

Overview

The role of Application (software) Security Analyst is a mid-level, hands-on, engineering focused position, responsible for helping to foster a Secure SDLC and ‘secure by design’ approach and practice throughout all our software engineering teams. The role holder must have a good combination of technical and communication skills. They will work across a wide portfolio of applications, both legacy and new, covering a variety of development stack, software, services, API’s and systems. She or he will provide Software Engineering teams with in-depth and practical secure development expertise to engineering, InfoSec, Data, IT and other teams. They will serve as subject matter experts for the creation of secure software design, build and delivery standards, policies and procedures and they will provide security advice to colleagues.

Responsibilities

  • Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own.
  • Provide expert software security advice (design, coding, testing, etc) to the Software Engineering community, to InfoSec, DevOPS and other colleagues.
  • Do research and regularly consult with colleagues
  • Deliver secure software development training (e.g. OWASP Top10)
  • Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.
  • Escalate issues, appropriately, to various teams and levels of authority inside the organization.
  • Act as the first Point of Contact (POC) for all application / software security issues, vulnerabilities, events, anomalies, incidents and investigations.

Qualifications

Minimum Qualifications

  • Bachelor’s degree in a relevant business or technical discipline is required.
  • 3+ years of relevant work experience
  • Experience in development and application security.
  • Experience securing cloud infrastructure and cloud applications.

 

Even Better If You Have

  • Experience coding in Java, Python, or Typescript, and at least one scripting language.
  • Working knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
  • Working knowledge of AWS native security tools.
  • In-depth knowledge of application security concepts, best practices and methods
  • Understanding of security by design principles and architecture level security concepts.
  • Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
  • Experience with methodologies and tools, for threat analysis of systems, such as threat modeling and software fuzzing.
  • Experience with developer tools and environments, project management and bug tracking systems.
  • Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
  • Experience in implementing and integrating security tools into CI/CD.

CLICK HERE FOR DETAILS