Analyst, Application Security
Overview
Job Purpose
An ICE IS AppSec Analyst, Engineer, or Senior Engineer is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management.
Responsibilities
• Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing.
• Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS.
• Secure Design - Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases.
• Tool Management - Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application's security with static code analyzers (SAST), dynamic testing (DAST) tools, open source security scanners, Web Application Firewall (WAF) and bug bounty programs.
• Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities.
Desirable Knowledge and Experience
• Software engineering experience in Java, C++, .NET and/or related languages
• Expert at deploying, configuring, and using SAST, DAST, and Open Source Security scanning tools in large environments
• Experience designing solutions to secure sensitive data and secrets by applying cryptography, proper access control, and utilizing hardware security modules (HSM)
• Familiar with blockchain, public/private key management, cryptocurrency, and/or experience securing enterprise implementations
• University degree in Computer Science, Engineering, MIS, CIS, or related discipline
Specific Technologies: Checkmarx, WebInspect, BurpSuite, JFrog Xray, Python, Django, Java, C++, HTML5, .NET, iOS & Android, MySQL, Oracle DB, Cloudfare, Akamai
Analyst, Engineer, and Sr. Engineer Distinction Seniority is determined by experience and demonstration of exceptional competencies including:
• Documenting and effectively publishing technology guidance and repeatable processes
• Mentoring peers in groups and individually
• Improving processes and introducing superior technology
• Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices
