Application Security Analyst (Remote)

The Application Security Analyst performs all procedures necessary to ensure the safety of information systems and applications and to protect the privacy, confidentiality, integrity, and availability of company and customer data by reviewing and investigating security alerts while having a proactive approach in assisting the infosec and  engineering teams to develop secure applications. 

Responsibilities:

• Responds to security alerts created across infosec alerting systems
• Escalates security alerts requiring further investigation
• Creates new security alerts and dashboards as needed
• Performs threat hunting across information security log feeds 
• Creates Infosec policies,procedures, playbooks, and workflows
• Monitors for, investigates, and responds to security incidents 
• Performs root cause analysis on identified vulnerabilities and identified incidents 
• Conduct security reviews and penetration testing across company products and services as needed
• Conduct and assess the results of vulnerability scans and triage vulnerabilities across company products
• Stay informed on the latest vulnerabilities
• Conducts security, vulnerability and risk reviews of systems, applications, and source code through the use of various automated tools and manual testing procedures. 
• Address security throughout the SDLC
• Review security findings from container scans, dependency checks and static code analysis tools.
• Manage the bug bounty program
• Perform security reviews of the source code

Requirements:

• Bachelor’s degree in information technology or a related field preferred
• Some experience in information security and IT.
• Has an understanding of infosec concepts such as: cloud infrastructure, application security, vulnerability scanning, penetration testing.
• Some experience with infosec testing tools and scripts.
• Familiar with application development concepts: servers, databases, coding, API’s, containers, logging, troubleshooting.
• Knowledge of various operating systems, ChromeOS, Linux, Mac, Windows.
• Familiar with OWASP top 10 and MITRE ATT&CK Framework.
• Able to navigate the linux command line
• Strong verbal and written communications
• Excellent time management and organization skills
• Excellent Analytical skills
• An understanding of security best practices and frameworks such as NIST, ISO, and CIS

The base pay for this position ranges from $55,000 - $65,000, which will vary depending on how well an applicant's skills and experience align with the job description listed above.