Senior Security Analyst AppSec
Share
Job Location:
Saint Paul, MN - USA
Monthly Salary:
$ 94100 - 117700
Posted on:
8 hours ago
Vacancies:
1 Vacancy
Job Summary
Patterson isnt just a place to work its a partner that cares about your success.
One of the distinguishing marks of our company is the talented people who embrace the people-first always advancing and results-driven culture. Professional growth abounds in this motivating environment. We value the diverse talents and experiences our employees bring to Patterson and believe that they build a stronger and successful organization.
Job Description:
The Application Senior Security Analyst leads the implementation and maintenance of network and application security systems to protect Pattersons information assets. This role drives technical support incident response and ensures alignment with security and project goals. The analyst develops and enhances the application security program using industry best practices and frameworks. Expertise in secure coding static and dynamic code analysis and vulnerability remediation is essential. The candidate integrates security controls into CI/CD pipelines using SecDevOps methodologies. Responsibilities include tool integration policy enforcement and continuous monitoring. Collaboration across DevOps compliance risk and audit teams ensures enterprise-wide security alignment. A methodical approach to assessing and triaging security findings is critical for success.
Essential Functions
To perform this job successfully an employee must be able to perform each essential function satisfactorily with or without reasonable accommodation. To request a reasonable accommodation notify Human Resources or the manager who oversees the position.
Perform application security triage oversee issue resolution and track remediation metrics
Oversees the maintenance support and delivery of associated security platforms
Drives continuous improvements in acting on alerts service requests and incidents
Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues
Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements
Strong mentor with the ability to work with junior team members and provide leadership and training on new tools or projects
Provide support and ongoing input in the evolution of the application security program
Ensure the application security tool set is optimized tuned and maintained
Collaborate with Devs and Ops teams to embed security into CI/CD pipelines and SecDevOps workflows
Perform security testing to include SAST DAST SCA Container APIs IaC Secrets
Interact with Infrastructure DevOps and application owners to ensure alignment with Pattersons roadmaps
Prioritize workload depending on business direction compliance and / or security requirements
Embedded in the SDLC process for all major applications working with DevOps SecDevOps Developers QA Principal Architects Security Champions
Actively participate and / or lead weekly meetings with application team leads and security champions
Track and manage identified vulnerabilities through resolution ensuring timely remediation and documentation.
Oversee the planning execution and follow-up of penetration tests conducted by internal teams and external security partners.
Additional functions
In addition to the essential functions listed above the incumbent may perform the following additional functions.
Experience C# Javascript Angular and related languages
Familiarity with AzureDevOPs (ADO) Package Management SBOM TFS and / or VSTS
Familiarity with major cloud platforms including Microsoft Azure Amazon Web Services (AWS) and Google Cloud Platform (GCP)
General knowledge of Application Security frameworks such as BSIMM OWASP SAMM / ASVS NIST etc
Experience with Thick Clients Web Apps Cloud Solutions SPA Web Services MVC APIs etc
Familiar with Azure DevOps Pipelines for automated build test and deployment workflows
Ability to support and manage Azure services including Azure Container Apps (ACA) Azure Kubernetes Service (AKS) and Azure Artifacts
Familiarity with software supply chain security processes including vulnerability scanning artifact integrity validation and dependency risk management
Experience implementing and maintaining gating workflows in CI/CD pipelines to enforce security and compliance checks prior to deployment
Experience communicating security concerns and issues to non-technical audiences
Proficient in assessing microservices and APIs for security flaws using automated and manual testing techniques.
Familiar with key application security tools such as BurpSuite HCL AppScan Veracode Qualsys WAS Micro Focus WebInspect Checkmarx (White Source) DevTools Fiddler Owasp Zap Metasploit BeeF SQLMap Postman etc
Experience with Swagger SOAPUI Visual Studio
Required Qualifications
Bachelors Degree with an emphasis in security technology or engineering or equivalent work experience
At least 4 years work experience in information technology cyber security or information security
Preferred Qualifications
Security industry certification desired
This person must be located within a commutable distance to Mendota Heights MN or Loveland CO. This will be 2 days in the office hybrid model.
We provide competitive benefits unique incentive programs and rewards for our eligible employees:
Full Medical Dental and Vision benefits and an integrated Wellness Program.
401(k) Match Retirement Savings Plan.
Paid Time Off (PTO).
Holiday Pay & Floating Holidays.
Volunteer Time Off (VTO).
Educational Assistance Program.
Full Paid Parental and Adoption Leave.
LifeWorks (Employee Assistance Program).
Patterson Perks Program.
The potential compensation range for this role is below. The final offer amount could exceed this range based on various factors such as candidate location (geographical labor market) experience and skills.
$94100.00 - $117700.00EEO Statement
Patterson provides equal employment opportunities to applicants and employees without regard to race; color; sex; gender identity; sexual orientation; religious practices and observances; national origin; pregnancy childbirth or other related medical conditions; status as a protected veteran or spouse/family member of a protected veteran; or disability.
Required Experience:
Senior IC
Key Skills
- Security Management
- Sensitive Information Management
- Pressure Management
- Risk Analysis
- Access Control
- Safety Procedures
- Security Measures
- Security Training
- Risk Assessment
- Access Point
- Security Checks
- Detect Signs
- Safe Environment
- Security System
- Security Reports
