Oglasi za posao Senior Application Security Analyst

Oglas je preuzet sa sajta poslodavca i sajt HelloWorld ne garantuje njegovu ažurnost.

Job listing has been deactivated.

Senior Application Security Analyst

Arise

Remote

08.04.2022.

PHP .NET C# JavaScript C++ Python Ruby PowerShell Bash C Cloud senior

Around since 1994, Arise Virtual Solutions Inc. has created a disruptive technology platform that connects the world’s biggest brands with the largest network of gig-economy Service Partners in the BPO industry. Owned by Warburg Pincus, one of the world’s largest Private Equity Firms, Arise is the work-from-home pioneer and now the CX Transformation trailblazer. We are changing the way the world works with every major brand that we support. Come be a part of the revolution as a regular-full-time employee of Arise Virtual Solutions!

Our Core Values:

Relentlessly Pursue Excellence
Empower People & Partners
Make a Difference
No Boundaries
Embrace Possibilities

The Information Security team at Arise is looking for a Senior Application Security Analyst to join our team. You will report into the Senior Director of Information Security.

The ideal candidate is someone with recent experience in an enterprise role as an application security engineer, that has an intermediate to a strong background in application development. This candidate will be the SME for application security on our small but growing security team and bring their experience securing enterprise web and client/server applications hosted in on-premises and cloud environments. To be successful in this role, the candidate will be knowledgeable about common threats, attacks, and the techniques used by bad actors to compromise applications and effectively communicate safeguards and countermeasures to mitigate identified security and privacy risks to a small team of developers and their IT leadership.

What you will be doing:

Act as advisor to product teams, providing practical advice on secure design, coding and testing including cloud technologies, practices and processes
Create threat models for new and existing software, assess vulnerabilities and provide mitigation recommendations to engineers
Correlate information from a variety of tools and processes to identify security insights, and opportunities to increase resiliency from a wide range of attacks
Establish security requirements for cloud-based solutions by evaluating business strategies and requirements
Provide domain expertise in container security and public cloud technology

Our new team member will bring:

Understanding of common security vulnerabilities as described in the OWASP Top 10 and SANS 25 as well as their remediation
Proven track record in secure development practices such as threat modeling, secure design, secure code review/assessments, and the use of static and dynamic analysis tools in a product security engineering environment. Experience with Github Enterprise and associated security.
Experience with application security control frameworks and its current usage in modern distributed web applications (e.g., Authentication, Cryptography and Data Protection, Authorization, Web Service Security, Security Headers)
Understanding of cloud security controls and the specific challenges in securing cloud-based solutions
Mobile App security experience
Competency in secure coding in multiple languages, including at least one scripted (e.g., Python, JavaScript, Ruby, PowerShell, Bash and/or PHP) and one compiled (e.g., C, C++, C#, .Net) language
Understanding and ability to communicate the techniques, tactics and practices of an attacker to engineers and business stakeholders who are part of a globally dispersed team