Job Objectives:
To take ownership of application security duties and provide day-to-day support to the Application Security Manager, including:
Strong understanding of, and working experience with, identifying and guiding application teams in remediating OWASP Top 10 vulnerabilities and SANS Top 25
Perform application security reviews and penetration testing towards resolution
Proactively identify and mitigate application security risks or incidents
Assist in security training and outreach to internal infrastructure and development teams
Raise awareness of application security requirements through development and review of application security standards, policies and processes
Perform assessments and threat modelling of S-SDLC processes
Familiarity with, and the ability to operate, common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Veracode, Checkmarx, etc.
Implement application security projects and research work as needed
Ability to document and effectively communicate technical findings to developer teams and evangelize security practices.
Help development teams mitigate application security vulnerabilities
Proven capabilities in analysis, design, development, and implementation using C#, .NET Core, Web API, ASP.NET MVC, WCF, WinForms, WPF, SQL Server, NoSQL, Azure, etc.
Qualifications and Experience:
At least 5 years general IT experience, preferably in the insurance or financial industries
At least 2 years specialist application security experience
At least one recognized security certification (CISSP, OSCP, CEH)
Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
An understanding of web services
Experience with programming languages
Working knowledge of a diverse range of key applications across different platforms
Skills, Abilities and Job-Related Knowledge:
Knowledge of OWASP tools and methodologies
Excellent written and verbal communication skills
Understanding of HTTP and web programming
Knowledge of common application security requirements
Knowledge of standard SDLC practices
Ability to quickly assimilate knowledge from outside own area of expertise
Ability to make quick but informed decisions under pressure
Innovative, critical thinking and problem-solving skills
Ability to work both independently and in a team-oriented, collaborative environment
Ability to identify security weaknesses and take ownership of tasks
Ability to effectively prioritize and execute tasks in a high-pressure environment
Good communication and organizational skills
Ability to adapt to shifting priorities, demands and timelines
Date Posted: 09/08/2024
Job ID: 88077129