Applications Security Specialist

Description: The Applications Security Specialist will assess new and existing applications and system deployments for vulnerabilities and critical design flaws, while also prioritizing remediation efforts based on risk.


  • Research threats and attack vectors that impact web applications and infrastructures.
  • Assist in application security architecture, design and control implementation.
  • Analyze applications and code for vulnerabilities.
  • Document and explain risks and vulnerabilities to technical stakeholders.
  • Implement secure code or establish standards for secure coding with NFA's Applications team.
  • Analyze and respond to vulnerability inquiries and reports.
  • Develop standard scripts, processes and tools used in the system acceptance process with NFA's Applications team.
  • Assess the impact of patches to existing applications with NFA's Applications team.
  • Assist in developing methods to validate application security remediation.
  • Develop security test plans based on application architecture and dataflow.
  • Assist in the prompt investigation of security incidents.
  • Assist with the engagement and coordination of third-party security assessments.
  • Maintain job knowledge by understanding emerging security standards and participating in educational opportunities.
  • Write recommendations for preventing or fixing discovered application security weaknesses.
  • May perform other duties as assigned.


  • Two or more years of experience working in an Applications Security or similar role
  • A college degree (e.g. B.A. Information Systems or B.S. Computer Science) is preferred
  • One or more information security certifications (e.g. GWEB, GWAPT, GPEN) preferred
  • Knowledge of secure development principles for the Microsoft .NET environment
  • Two or more years of experience using system development technologies such as Microsoft .NET and JavaScript is a plus
  • Experience with system and application vulnerability assessment and penetration testing preferred
  • Experience using scan, attack and assessment tools and techniques, including proficiency in at least one common framework
  • Experience designing and executing web application security evaluations, individually and as part of a team
  • Ability to create exploit proofs of concept
  • Knowledge of the System Development Life-Cycle and experience working with development teams
  • Knowledge of web application technologies and development processes
  • Maintain up-to-date knowledge of current threats
  • Ability to document and explain risks and vulnerabilities to technical stakeholders
  • Highly motivated and dependable self-starter
  • Strong critical thinking and analytical skills
  • Strong oral and written communication skills
  • Highly innovative, creative and detail-oriented
  • Ability to multi-task and adjust to shifting priorities is critical
  • Proficient in standard database and web development technologies such as Oracle, SQL, CSS, JavaScript and Microsoft SQL Server Database
  • Knowledge of third-party HR and Treasury applications is strongly preferred
  • Ability to install, customize and navigate applications
  • Bachelor's Degree in Computer Science or Information Technology (IT) preferred
  • Minimum three years of database and programming/development experience in an enterprise environment
  • Minimum two years of experience as an applications administrator and developer

Location: Chicago

Chicago's 101 Best and Brightest Companies to Work For

Top 100 Workplaces

Crain's Best Places to Work in NYC

Best Places to Work in Illinois

100 Best Adoption-Friendly Workplaces

National Best and Brightest Companies to Work For
