Information Security Test Analyst

Employer Active

1 Vacancy
Job Location

Krakow - Poland

Monthly Salary

Not Disclosed

Job Description

The role requires a self-motivated analyst who is conversant and experienced with the use of static code testing for application risk assessment. Static Application Security Testing is performed as part of the overall application testing process. The individual is required to be experienced in the security of applications and how they need to be protected. The individual is also required to be experienced with static test tools in order to assess application security. Euroclear currently uses HCL AppScan to test source code, so experience with this toolset would be an advantage. Coordination will be required with application owners for testing and assessment of findings.

The main responsibilities:

  • Develop and scan applications based upon a variety of different languages (.NET, Java, C, etc.)
  • Assess application results for false and true positives
  • Produce reports of findings, remediation options and risk analysis
  • Present and discuss the results to all relevant stakeholders (technical and non-technical)
  • Advise (senior) stakeholders such as project leads, developers and analysts on how to remediate and prevent any detected issues
  • Review test results from different sources and perceive threats and issues with applications
  • Drive or support application security efficiencies in cost, delivery and reporting
  • Innovate through automation of testing and improving pipeline delivery

In this role you will come in contact with all types of applications written in a variety of languages and from different technologies, including Mainframe applications, web applications and middleware. The candidate will be familiar with some of these situations but be able to quickly assess, understand and test the application. Not only is technical knowledge of application security needed, but also the ability to converse with and convince the developers of the issues and support mitigation.
At times the candidate will be required to take on other related technical tasks to improve scanning efficiency, including automating tasks, pipeline reviews and other related improvements.


Technical skills

  • Experience of using SAST and DAST tools required.
  • Coding skills to support automation are an advantage.
  • Sound security design principles based on confidentiality, integrity and availability requirements and other ISO 27002 security principles are an asset.
  • Good understanding of application security, including the OWASP Top 10, and willingness to learn with regard to a broad range of attacks (SQLi, XSS, overflows, DLL hijacking...)
  • Basic understanding of network principles and protocols
  • Basic understanding of Unix and Windows operating systems and security practices
  • Working with a variety of automated test tools and ability to drive improvements across all areas.

Soft skills

  • Be an ethical team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. You will take ownership and ensure that organizational quality standards are met.
  • Be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
  • Be able to work independently, responsibly and professionally with highly confidential information.

Required Experience:

IC

Employment Type

Full Time
