The Application Security Analyst will be responsible for supporting application security services under Threat and Vulnerability Management (TVM). This position will be responsible for injecting security into the System Development Life Cycle (SDLC) and ensuring that security is considered and built in to development projects according to policies and standards. The security analyst will also be responsible for maintaining existing TVM services by utilizing security tools for web and mobile application security testing, vulnerability remediation assistance and enabling Web Application Firewall (WAF). Finally, the Application Security Analyst will also support vulnerability response by responding to various security vulnerabilities to Emerson by identifying the vulnerability, determining the scope, impact and course of action to remediate and Enterprise communication.
The Application Security Analyst will interface with the Emerson Business Group information security and application leaders to provide timely security assessments, reporting, guidance and assist with remediation.
· Support reviewing and enforcing security requirements with projects and the System Development Lifecycle (SDLC).
· Manage, coordinate and execute web and mobile application security testing utilizing existing Dynamic Application Security Testing (DAST) tools.
· Manage and drive remediation of perimeter security findings and vulnerabilities utilizing tools such as Bitsight and Security Scorecard to maintain a superior digital hygiene score.
· Assist with vulnerability response by performing analysis, determining Enterprise scope, impact and remediation of identified ad hoc vulnerabilities.
· Perform firewall rule and port request analysis, review and coordination.
· Perform application analysis and define WAF Policies to mitigate application exploits
· Assist in the continuous development and improvement of methodologies and processes for TVM service components.
· Provide detailed communication, guidance and remediation support for our worldwide customers
· Develop and provide vulnerability reporting to customers and assist in remediation
· Review and maintenance of service documentation
· Track and manage vulnerabilities and remediation
· A Bachelor’s degree in Computer Science or related field, required
· General knowledge of software design and engineering processes
· 3- 5 years’ experience in supporting application security testing
· Excellent organizational, analytical, verbal and written communication skills are essential
· Strong customer service skills
· Ability to rapidly grasp and apply new concepts and technologies
· Intermediate networking knowledge
· Intermediate Web, Mobile, Vulnerability scanning technology knowledge
· Working knowledge of software vulnerabilities (i.e., SQL Injection, XSS, buffer overflows)
· Familiar with Web Application Firewall technologies such as F5 ASM
· Strong self-tasking skills
· Experienced in Network, Web and Mobile vulnerabilities, ethical hacking, as well as familiarity with Web and Mobile application technology implementation and software.
· Familiarity with enterprise vulnerability scanners
· Ability to test a variety of projects simultaneously and to learn about new tools and application security testing methodologies in a team-oriented environment
· Security+, preferred
· Certified Ethical Hacker (CEH), preferred
· Offensive Security Certified Professional (OSCP), preferred
· Other security certifications: Systems Security Certified Practitioner (SSCP), preferred
· Fluent in English