Application Security Analyst

Chevy Chase, United States

The primary role of the Application Security Analyst is to ensure the secure operation of the company applications and systems through testing, monitoring and risk assessments. The Application Security Analyst will also maintain a strong understanding of current and emerging security technologies, threats, vulnerabilities and industry best practices for recommending sound technical solutions as needed.


Provide technical analysis of threats and vulnerabilities and assist with risk assessments of technologies and processes.

Evaluate technology improvements and/or enhancements that would provide greater security protections for the PWB applications, systems and networks.

Conduct compliance assessments of PWB technologies against industry best practices and provide recommendations.

Perform regular vulnerability assessments & security Ensure timely remediation of findings and communication of risks.

Collaborate with information security leadership to develop strategies and plans to enforce security requirements while addressing risks effectively.

Monitor & test the effectiveness of internal application security systems including patch management, anti-virus, event log collection and correlation, access control, authorization management, and IDS/IPS components.

Provide support on secure coding, design and architecture for enhancing application security compliance.

Collaborate on critical IT, Application Development, and Information Security projects to ensure that security issues are addressed throughout the project.


Minimum 5 years of experience in a corporate network environment.

Possess two or more professional certifications in an Information Security / Cyber Security area. Preferred certifications include CISSP, CSSLP, GWEB, CASE, CASS, CISA, and CRISC.

Demonstrable expertise in the field of information security and related frameworks such as International Organization for Standardization (ISO) 27001, ITIL, COBIT, National Institute of Standards and Technology (NIST), CIS CSC 20, etc.

Strong, hands-on technical knowledge of the OWASP (Open Web Application Security Project) Top 10 vulnerabilities and recommended best practices for vulnerability remediation.

Experience with static and dynamic vulnerability analysis using industry-leading scanning tools and manual code reviews (SonarQube, BurpSuite, Nessus, Rapid7, Metasploit, etc.).

Comprehensive understanding of Internet standards and application protocols including TCP/IP, REST, SAML, HTTP/HTTPS, and modern application technologies.

Deep understanding of Business-to-Business (B2B) information security infrastructure and approaches, including OAuth2 / OIDC, Single Sign-On (SSO), Adaptive Access, Access Policy Management, Access Event Logging and Audit, Authorization Control, and Session Management.

Solid understanding of data privacy practices, laws, and regulatory requirements such as FFIEC, SOX, GLBA, PCI-DSS, NYDFS, etc.

Able to conduct in-depth research into security issues and solutions as required, including risk assessments with threat and vulnerability analysis.

Virtualized hosting, integration, and deployment experience for application development (GitHub, AWS, Azure, DevOps, Jenkins, Heroku, Salesforce, etc.).

Strong interpersonal, written, and oral communication skills. Highly self-motivated and directed, with keen attention to detail. Proven analytical and problem-solving abilities.
