Applications Security Specialist
Description: The Applications Security Specialist will assess new and existing applications and system deployments for vulnerabilities and critical design flaws, while also prioritizing remediation efforts based on risk.
- Research threats and attack vectors that impact web applications and infrastructures.
- Assist in application security architecture, design and control implementation.
- Analyze applications and code for vulnerabilities.
- Document and explain risks and vulnerabilities to technical stakeholders.
- Implement secure code or establish standards for secure coding with NFA's Applications team.
- Analyze and respond to vulnerability inquiries and reports.
- Develop standard scripts, processes and tools used in the system acceptance process with NFA's Applications team.
- Assess the impact of patches to existing applications with NFA's Applications team.
- Assist in developing methods to validate application security remediation.
- Develop security test plans based on application architecture and dataflow.
- Assist in the prompt investigation of security incidents.
- Assist with the engagement and coordination of third-party security assessments.
- Maintain job knowledge by understanding emerging security standards and participating in educational opportunities.
- Write recommendations for preventing or fixing the discovery of application security weaknesses.
- May perform other duties as assigned.
- Two or more years of experience working in an Applications Security or similar role
- A college degree (i.e. B.A. Information Systems or B.S. Computer Science) is preferred
- One or more information security certifications (i.e. GWEB, GWAPT, GPEN) preferred
- Knowledge of secure development principles for the Microsoft.NET environment
- Experience with system and application vulnerability assessment and penetration testing preferred
- Experience using scan, attack and assessment tools and techniques, including proficiency in at least one common framework
- Experience designing and executing web application security evaluations, individually and as part of a team
- Ability to create exploit proofs of concept
- Knowledge of the System Development Life-Cycle and experience working with development teams
- Knowledge of web application technologies and development processes
- Maintain up-to-date knowledge of current threats
- Ability to document and explain risks and vulnerabilities to technical stakeholders
- Highly motivated and dependable self-starter
- Strong critical thinking and analytical skills
- Strong oral and written communication skills
- Highly innovative, creative and detail oriented detail
- Ability to multi-task and adjust to shifting priorities is critical
- Knowledge of third-party HR and Treasury applications is strongly preferred
- Ability to install, customize and navigate applications
- Bachelor's Degree in Computer Science or Information Technology (IT) preferred
- Minimum three years of database and programming/development experience in enterprise environment
- Minimum two years of experience as an applications administrator and developer