Application Security Analyst:
On behalf of our Financial Services client, Procom is searching for an Application Security Analyst for an 8-month contract.
Application Security Analyst - Job Description:
The Application Security Analyst will play a pivotal role in advancing our client's DevSecOps. The role involves leading the evaluation, creation, and implementation of application security tools and processes within the CI/CD Pipeline globally. The candidate will collaborate closely with developers and DevOps professionals to ensure secure application rollouts across major operating geographies.
Application Security Analyst - Responsibilities:
- Assist with running and managing application security tools such as SAST, SCA, MAST, DAST, etc.
- Review vulnerability results and provide remediation direction to delivery teams
- Conduct reviews on tools and provide relevant tuning and upgrades with respect to penetration test findings
- Create metrics (KPI and KRIs) for the vulnerability management program and present to senior management
- Educate development teams on OWASP top 10 vulnerabilities for Web, Mobile, and APIs
- Automate redundant security tasks and bring efficiencies within existing security processes
- Provide ongoing support of mobile and web application systems in production, including responding to operational requests, problem analysis, resolution, escalation, and reporting as necessary
- Create and maintain supporting documentation
Application Security Analyst - Mandatory Skills:
- 2+ years in IT Design/Application Design & Implementation
- 3+ years Cyber Application Security experience
- 1+ year automating systems, designing automation
- Software development background (C++/Java/.NET) (2+ years)
- Experience in managing Application Security platforms SAST/DAST/SCA/MOBILE (1+ year)
- Solid understanding of DevSecOps and Agile Security concepts
- Expert knowledge of OWASP top 10 (Web, Mobile, APIs) and SANS top 25
Application Security Analyst – Nice-to-Have Skills:
- Security certifications such as GWAPT, GWEB, CEH, CASE, CSSLP or similar
- Experience reading and understanding Pen test findings
- Programming knowledge preferred
- Experience with secure development and testing of APIs, microservices, containers, and Cloud (AWS)
- Designing and implementing DevSecOps CI/CD Pipelines (1+ year)
Application Security Analyst – Assignment Length:
This is an 8-month contract
Application Security Analyst - Start Date:
ASAP
Application Security Analyst - Assignment Location:
Toronto - Hybrid work arrangements requiring 1-2x/quarter onsite