Senior Application Security Analyst

Job Overview:

The Sr. Application Security Analyst is responsible for identifying and mitigating security flaws and vulnerabilities in VeritasPays systems and applications. In this role you will be constantly collaborating with the business development and tech units to provide inputs in defining security/compliance requirements for new initiatives. You will be assessing the design and architecture of systems by identifying security risks threats and vulnerabilities and recommending the appropriate security controls and ensuring that they are in place prior to release.

This position will be reporting to the information security manager and should be able to work autonomously with minimal supervision. The successful candidate should possess technical skills and knowledge relating to application security and must be able to communicate effectively to both business and tech people. He/she should have a deep understanding of application security threats and vulnerabilities and must be able to translate them into actionable application requirements.

Job Responsibilities:

Collaborate with business development and tech teams and keeping uptodate with projects and initiatives

Determine security and compliance requirements to support development of secure applications

Identification and documentation of risks threats and vulnerabilities in applications through risk assessments and recommend appropriate mitigation measures

Implement Privacy by Design (PbD) in applications

Establish procedures and best practices relating to application security

Recommend improvements to the software development process

Advise internal stakeholders on application security

Stay current with new security threats and vulnerabilities

Support with compliance initiatives such as PCI DSS and CPOC

Provide support in projects and other security endeavors from time to time

Job Qualifications:

BS/BA in IT or related field (e.g. Computer Science Network; or 4 years of relevant IT experience)

Minimum 4 years experience in application security penetration testing and/or software development

Experience in conducting risk assessments or threat modeling in applications is a big plus

Solid foundational knowledge of security concepts pertaining to web and mobile application security and SDLC

Strong understanding of threats and vulnerabilities in applications and networks

Familiarity with OWASP Top 10 MITRE ATT&CK and similar frameworks

Experience in using application security testing tools (e.g. SAST/DAST) is a plus

Familiarity with data privacy and BSP/AML regulations

Knowledge or experience with PCIDSS is preferred but not required

Excellent oral and written communication skills

Strong analytical and problemsolving skills

Security and relevant certifications (e.g. Sec CEH CySA PenTest eJPT) an advantage

KPIs/KRAs:

Defining of security and compliance requirements

Identification and assessment of security threats and vulnerabilities

Establishment of procedures and guidelines