Security Analyst - Applications

This job is no longer active. View similar jobs.

POST DATE 9/8/2016
END DATE 10/8/2016

TIPS Consulting Minneapolis, MN

Minneapolis, MN
AJE Ref #
Job Classification
Full Time
Job Type
Company Ref #
Mid-Career (2 - 15 years)
Bachelors Degree


In this role, the selected candidate will perform security risk assessments of web & mobile applications across multiple platforms leveraging manual penetration testing techniques and security tools. Job Duties: Perform security risk assessments of web & mobile applications across multiple platforms leveraging manual penetration testing techniques and security tools. Manage/Operate security testing tools including but not limited to, source code review tools like HP Fortify, dynamic scanning tools like Qualys WAS/Accunetix/Burp Suite and other similar products Assist in the implementation and execution of the secure SDLC process. Train Application Developers for secure coding practices Be responsible for security touch-points within the SDLC, from security requirements through implementation, testing and deployment. Recommend suitable solutions to address vulnerabilities in applications by interpreting test reports Track and manage all application security remediation activities Represent the Security organization in cross-functional or special projects and new initiatives as assigned Research and Report on security vulnerabilities and latest advancements in vulnerability assessment technologies and application security Coordinate with internal application development teams and communicate technical security concepts in business terms. Provides effective written and verbal communications. Understand compliance requirements that may impact security and work with business areas and project teams to develop security solutions that address these requirements. Complies with U.S. Food and Drug Administration (FDA) regulations, other regulatory requirements, Company policies, operating procedures, processes, and task assignments. Maintains positive and cooperativecommunications and collaboration with all levels of employees, customers, contractors, and vendors. Performs other related duties and responsibilities, on occasion, as assigned.Equipment: List the type of equipment the incumbent will utilize in this position.Works with standard office equipment such as telephone, cellular phone, fax/copier, and a personal computer with standard office software.General Qualifications Bachelor s degree in Computer Science, MIS, Information Assurance, or related field. Equivalent combinations of education and work experience may be considered. 5+ years of experience in software development/application security testing. In-depth experience with tools such as HP Fortify, Accunetix, Burp Suite is preferred. Certificate in CISSP / CISA / CISM / GIAC Web Application Penetration Tester (GWAPT) / GIAC Intermediate Web and Mobile technology knowledge (i.e., HTTP, HTML, SQL, IOS, Android) Competent with application level security controls e.g. authorization and access control, session management, cross site scripting, command injection Flaws, buffer overflows, web application and serverconfigurations Strong knowledge of IT security frameworks (ISO, NIST etc.) and related processes Strong knowledge of application security & OWASP framework Energetic team player with strong initiative, team orientation and good problem solving skills. Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner, and be able to meet assigned deadlines and service levels. Demonstrated interpersonal skills, including the ability to listen, resolve problems, deal with unresolved issues, delays and unexpected events, and the ability to effectively communicate and maintain rapport withsupported customers. Excellent communication skills with demonstrated ability to write clear, concise business communication for multiple levels (management, technical, user). Able to understand and leverage the IT and business vision and strategy to support solution definition Able to professionally represent the Security function to key business stakeholders Ability to work in a highly matrixed and geographically diverse business environment. Ability to work within a team and as an individual contributor in a fast-paced, changing environment. Ability to leverage and/or engage others to accomplish projects. Ability to travel approximately 10%, including internationally.