Our Banking Client is seeking an IT Security Analyst to join their Application Security team which has global accountability and is highly supportive of the Bank's business, enabling execution of the Bank's strategies, operations, and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.

The ideal candidate would have strong hands-on experience as an IT Security Analyst. Specifically working in a team environment on a multifaceted project. Top qualified talent will be able to demonstrate that they have strong working experience with Application Security related tools and standards and would be able to adapt to Client's processes with ease.

Role and Responsibilities:

Support the Senior Manager, Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including:

• Ensure production code releases are delivered with no Critical or High vulnerabilities
• Develop and/or enhance strategies and processes to manage web application security vulnerabilities and threats for both transactional and marketing/informational web sites.
• Develop and/or enhance communication model to manage web application vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
• Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives
• Recommend, design, assess, implement, deploy and maintain application security controls required to protect Bank and its customers.
• Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner

Required Skills:

• 10+ years of experience as an IT Security Analyst
• Experience that demonstrates a comprehensive understanding of multi-tier Web Applications, web APIs, related vulnerabilities and potentials threats, current information released by organizations such as OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures)
• Experience that demonstrates a comprehensive understanding of the HTTP protocol, Secure Software Development Lifecycle (SDLC) and Web Programming for multi-tier web applications and web services, eg. experience with some of these: JavaScript, SQL, HTML, XML, ASP.net, VB.net, Java, PHP, Python, PowerShell, or Ruby, is essential.
• Demonstrated experience working with the OWASP Application Security Verification Standard (ASVS).
• Experience performing source code and/or application security assessments, including risk assessments and penetration testing, with vulnerability testing and scanning tools, with at least one of these: Checkmarx, BurpSuite, Acunetix, NetSparker, WebInspect, AppScan, SQLMap, ZAP, and Fortify.
• Excellent written and oral communication skills. Ideas must be able to be understood and shared easily.
• Strong organizational skills

Desired Skills:

• Prior Financial Institutional Experience
• Experience with gateway technologies and network devices such as Load Balancers, Proxies, IPS, WAF, API Gateway.
• Experience generating reports and tailoring communication strategies for various levels of technical staff, executive management, and business clients.

Education:

• University degree or college diploma in technical field such as computer science
• CISSP and/or CISA designation beneficial but not required.
• CEH, OSCP, OSWE designation beneficial but not required.