About the position
The AVP, Application Security Dynamic Analyst will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this role's focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications and APIs, review security findings with application teams, and support remediation tracking.
Responsibilities
• Execute DAST and web application security assessments for custom-developed internal and external-facing applications including web applications, web services, and APIs, utilizing enterprise DAST platforms and tooling.
• Partner with developers to perform False Positive Analysis and audit/triage of findings to ensure true positives are identified and addressed.
• Validate remediation of DAST, web application, and API security assessment findings.
• Configure, analyze, and troubleshoot DAST scans and scanner traffic/logs, and ensure high-fidelity results for successful execution of DAST scans.
• Manage API security platform configuration, detections, and events.
• Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids, identifying and escalating instances of non-compliance.
• Operate in an Agile development environment, understanding tools, concepts, and methodologies.
• Contribute towards maturing application security processes, standards, and guidelines.
• Create and enhance internal documentation, e.g. job aids and run books.
• Support the collection of data and documentation in support of examinations/audits.
Requirements
• Bachelor's degree and a minimum of 3 years of work experience in IT OR, in lieu of a degree, a High School Diploma/GED and a minimum of 5 years of work experience.
• In-depth knowledge and experience in Dynamic Application Security Testing (DAST) and manual web application assessments.
• Knowledge and understanding of common security vulnerabilities and weaknesses, including OWASP Top 10 (web and API).
• Hands-on experience with any of the following application security assessment tools: OpenText WebInspect and WebInspect Enterprise, Burp Suite Professional, or other commonly used DAST enterprise tools.
• Hands-on experience with any of the following API security platforms: Traceable, Noname, Salt Security.
Nice-to-haves
• Industry certifications such as CISSP, CSSLP, GWAPT, Security+, or C|EH are a plus.
• 3 or more years with secure coding practices/system integration.
• Financial services industry experience.
• Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences.
• Awareness of the latest cybersecurity trends and developments.
• Equivalent work experience and a proven track record in the field of Software Development and/or Information security.
Benefits
• Annual bonus based on individual and company performance.
• Salary range of 100,000.00 - 170,000.00 USD annually.
• Salaries adjusted according to market in CA, NY Metro and Seattle.