Application Security Analyst
Key Responsibilities Include:
- Maintains awareness of the latest critical information security vulnerabilities, threats, and exploits
- Provides Information Security expertise and guidance to business group leaders and IT owners to evaluate and articulate application security requirements; identify potential security risk factors and business impact.
- Provides guidance on existing and emerging threats in the web and mobile application space, as they apply within the AbbVie environment.
- Conducts and facilitates security reviews throughout the application development lifecycle, including tasks such as:
• Designing, performing, and improving security assessments for AbbVie applications across the enterprise.
• Static (SAST) & Dynamic (DAST) Application Security Testing and/or penetration testing of applications and source code, auditing results with development and/or security teams and offering plans for remediation of vulnerabilities.
• Communicating technical application security concepts to customers, including developers, architects, and managers.
• Training customer staff on application security and remediation of application security code defects.
- Identifies enhancements to tools, standards and processes; provides input into policies and procedures; and contributes to the implementation and refinement of the strategy for the Application Risk program on a global basis.
- 5 years of direct enterprise level software development experience in any of the following:
• .Net Framework (C#, VB, ASP)
• Web Applications (N-Tier)
• Mobile / Application Services
- 3 years of direct application security and/or security developer experience
- Demonstrate subject matter expert level knowledge of web application vulnerabilities and web application business logic flaws and threats.
- Demonstrate in-depth understanding of application architectures and technology, including web applications, mobile technology, data encryption, and identity and access management.
- Demonstrate a strong background in development, security testing, and writing security user stories and detailed technical specifications for security in application and product designs.
- Demonstrate project management, collaboration, communication, and organizational skills.
- Hands-on experience with manual vulnerability testing and static code analysis is strongly desired.
- Proficient with tools such as HP WebInspect, HP Fortify SCA, IBM AppScan and manual tools such as Burp Suite, ZAP Proxy, DirBuster, Nikto, Metasploit, SoapUI and other open source security tools.
- Candidate must have a deep understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE.
- Certification such as OSCP, OSWE or ECSA is a plus.
- Written and verbal communication skills are critical.
- Adept at communicating concepts to diverse audiences with varying skill sets.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled