Application Security Specialist
Posted on Mar 10, 2019 by Ascension
We Are Hiring
Application Security Specialist - Infra Security - FT, Day - Ascension Headquarters - St Louis, MO
Why Join Ascension?
We provide Ascension and its subsidiaries low-cost, high-value IT infrastructure and software application services that:
• Support rapid and effective clinical decision making
• Improve efficiency and care transitions
• Foster information sharing across the continuum of care
• Make knowledge and data actionable, leading to improved patient outcomes
What You Will Do
The Application Security Analyst will focus on evaluating the security posture of Web Applications, Mobile Applications, API's and Web Services. The Application Security Analyst will work jointly with Development Teams and Architects to review application code and be able to articulate security posture of applications and back-end systems. Conduct web and mobile application security vulnerabilities assessments using Static Application Security Testing (SAST) and / or Dynamic Application Security Testing (DAST) using scanning tools and manual checks to notify the appropriate development team to take necessary action. An understanding of modern web application development languages is necessary to communicate mitigating controls and potential remediation activities.
- Work with developers to refine security checkpoints in the SDLC that are based industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
- Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Use automated tools along with manual testing to perform source code security analys to identify vulnerabilities and attack vectors in web applications.
- Work with information security analysts to refine web application penetration testing methods and breadth of security services.
- Obtain and review all required artifacts as part of various security checkpoint phases in the development lifecycle cycle.
- Assist with periodic security risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
What You Will Need
- Bachelor's degree preferred or equivalent experience
- Ten years of experience preferred
Desired Skills and Work Experience:
- Two years of experience with a focus on web application security methods preferred.
- Security risk assessment and systems security audit work experience is highly desired.
- Experience working with common application security tools such as Fortify or BurpSuite is a plus.
- CISSP, CEH or other technical security certifications preferred
- Self-starter with the ability to perform tasks as an individual contributor or as a project lead.
Equal Employment Opportunity
Ascension Technologies participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.
E -Verify (link to E-verify site)