IT Sr. Application Security Analyst

Company

American Medical Association

Location

Chicago, IL

Type

Full Time

Job Description

IT Sr. Application Security Analyst

Chicago, IL (Remote)

The American Medical Association (AMA) is the nation's largest professional Association of physicians and a non-profit organization. We are a unifying voice and powerful ally for America's physicians, the patients they care for, and the promise of a healthier nation. To be part of the AMA is to be part of our Mission to promote the art and science of medicine and the betterment of public health.

We continuously work to embed equity in our internal practices and are committed to increasing the diversity of our staff across all levels of the organization. We intentionally work to create the right conditions to enable our employees to feel that they can be their authentic selves and fully participate in the life of the enterprise.

We encourage and support professional development for our employees, and we are dedicated to social responsibility. We invite you to learn more about us and we look forward to getting to know you.

We have an opportunity for a remote IT Sr. Application Security Analyst on our IT team reporting into our Chicago, IL office.

As an IT Sr. Application Security Analyst, you will be responsible for the analysis, evaluation, and execution of an ideal application security offering that integrates development activities, information security, and the automated release methods within the CI/CD pipeline.

RESPONSIBILITIES:

IT Application Security Analysis

  • Research new threats, attacks, and risks to American Medical Association infrastructure and software daily.
  • Identify, collect, and organize credible, new intelligence and subject matter relative to current and emerging threats using all the tools, applications and open-source information.
  • Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance.
  • Implement choices through a security lens for the entire development lifecycle, including design, coding & development, QA & security testing, and release.
  • Work collaboratively with the cloud operations team to develop key patterns and templates to implement secure guardrails.
  • Secure the design, architecture, and implementation of new applications. This includes secure software development lifecycle (SDLC) practices which incorporate threat modeling and security testing.

Application Security Protocols & Practice

  • Define, document, and publish application security standards in a practical and consumable format for developers. Ensure compliance with applicable security controls when writing such standards.
  • Organize training to improve employees' knowledge and skills for future organizational growth as it relates to application architecture principles and standards.
  • Lead vendor resources to accomplish the adoption and implementation of DevSecOps principles, training, and secure coding.
  • Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations and best practices.

Security Controls & Architecture

  • Research, design and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
  • Contribute to the development and maintenance of information security strategy and architecture.
  • Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks.
  • Communicate security risks and solutions to business partners and IT staff as needed.
  • Keep current with security industry best practices and apply them to the American Medical Association per IT strategy and roadmap to prevent incidents. Implement effective integration and adoption of best practices and the latest methods and techniques for identifying design flaws and software issues.
  • Design, lead, and project manage the development and configuration of security tools and automation based on use cases.
  • Participate in or lead the creation or update of detailed operational processes and procedures related to Security Incident Management & Code development.
  • Communicate and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise.
  • Address questions from internal and external audits and examinations. This includes providing requested compliance reporting.

May include other responsibilities as assigned

REQUIREMENTS:

  1. 5+ years of related and progressive IT and Security experience.
  2. Demonstrated progression toward security certifications - CISSP, CISM.
  3. Exposure to enterprise web application programming and Application Security (AppSec).
  4. Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAUTH).
  5. Knowledge of technical infrastructure, end points, networks, databases, and systems in relation to IT Security and IT Risk.
  6. Ability to work independently, follow up on project deliverables, and go above and beyond the task at hand.
  7. Excellent analytical, organizational and communication skills. Demonstrated ability to facilitate cross-functional teams. Ability to effectively prioritize and execute tasks in a complex environment.
  8. Experience in continuous improvements and agile methodology.
  9. Strong communication, presentation, analytical and problem-solving skills.
  10. Excellent written and verbal communication skills.
  11. BS degree in Cyber Security or related area preferred.
  12. AMA's safety and policy protocols require proof of full vaccination against COVID-19 for employment at AMA (including booster when eligible). Employees may apply for a religious or medical exemption from getting the vaccine.

Additional Technical Background

  1. Familiarity with Static Application Security Testing (SAST) tools (such as SonarQube)
  2. Familiarity with Dynamic Application Security Testing (DAST) tools (such as Snyk or Rapid7)
  3. Familiarity with Web Application Firewall(s) (WAF)
  4. Familiarity with security standards, principles, techniques, and frameworks (NIST, PCI, HIPAA, etc.)
  5. Familiarity with Database and SQL
  6. Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAUTH).
  7. Proficiency in Microsoft Office tools (Excel, PowerPoint) and other tools such as Jira, Confluence, ServiceNow and SharePoint.

The American Medical Association is located at 330 N. Wabash Avenue, Chicago, IL 60611 and is convenient to all public transportation in Chicago.

We are an equal opportunity employer, committed to diversity in our workforce. All qualified applicants will receive consideration for employment. As an EOE/AA employer, the American Medical Association will not discriminate in its employment practices due to an applicant's race, color, religion, sex, age, national origin, sexual orientation, gender identity and veteran or disability status.

THE AMA IS COMMITTED TO IMPROVING THE HEALTH OF THE NATION

Date Posted

02/24/2023
