Application Security Analyst
Georgia-Pacific
- Atlanta, GA
- Permanent
- Full-time
- Partner with development teams to embed security standards and best practices into their workflows.
- Identify web application vulnerabilities, prioritize and risk adjust findings, consult on mitigation strategies, and ensure timely resolution. Demonstrate self-motivation and direction, while utilizing strong organizational and project management skills, to effectively plan, execute, and complete tasks in a timely and efficient manner.
- Design and deliver training sessions to developers and stakeholders on secure coding practices, threat modeling, and risk assessment.
- Revamp our AST (Snyk) platform. Collaborate with developers to address findings and minimize false positives.
- Lead proactive code reviews to pinpoint vulnerabilities, while refining and incorporating the Secure Development Lifecycle into our engineering processes.
- Offer specialized application security guidance on projects, system issues, and during stakeholder meetings. Provide guidance on relevant application security industry standards and practices such as OWASP, ASVS, CIS, SANS, CWE, etc.
- Assist in developing and maintaining an ongoing security assurance program including development of appropriate scripts and monitoring capabilities to; verify security effectiveness, analyze data, develop trend analysis, and ensure compliance to existing standards, policies, and procedures.
- Conduct technical security risk assessments with internal and external resources as needed.
- Experience using Python or PowerShell or infrastructure-as-code tools
- Experience testing and identifying web application vulnerabilities
- Experience with CI/CD, containers, microservices, cloud architecture, and application security platforms
- Experience with Development or Security or Operations with a focus on cloud, systems and services
- Experience in Cloud Security or Network Security or Cyber Security Data Analytics and Reporting
- Experience working with virtual machines in AWS, VMware and/or Azure Platforms.
- Experience in aggregating data from various sources for security analysis & reporting
- Bachelors Degree in Computer Science or IT Security
- Experience with leading AST SaaS solutions (Synopsys, Snyk, Veracode, etc..)
- Experience in aggregating data from various sources for security analysis & reporting
- Experience providing organizational guidance for application security standards and practices such as OWASP, ASVS, CIS, SANS and CWE
- Experience troubleshooting network security, firewalls and remote access technologies
- AWS Certified Solutions Architect or comparable certification
- Experience analyzing code for security vulnerabilities
- Experience working in a SOC