The Application Security Analyst helps improve and maintain the application security program by providing guidance pertaining to secure web development design and testing.
The resource will partner with Business, Solutions Delivery, Engineering, and Operations teams to educate, evangelize, and validate secure development practices.
Primarily responsible for application security assessments and code review as part of the software development lifecycle (SDLC)
Develop, educate, promote, and monitor the use of secure software development practices
Work with developers to implement and refine security checkpoints in the SDLC
Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle
Continue to drive security evaluation earlier in the cycles through iterative security testing
Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities
Provide regular status reports on the security of the software within the organization
Manage the application security scanning process, including analysis, communication and remediation verification
Implement and Govern automated secure coding tools and processes (SAST, DAST) to review code as it is written, promoted through the development lifecycle, and into production