Job Title: Senior Analyst, Application Security – L'Oréal Information Technology
Division: Information Systems
Location: Berkeley Heights, NJ
Reports to: Senior Manager – Cyber Security
Who We Are:
For more than a century, L’Oréal has devoted its energy, innovation, and scientific excellence solely to one business: Beauty. Our goal is to offer each and every person around the world the best of beauty in terms of quality, efficacy, safety, sincerity and responsibility to satisfy all beauty needs and desires in their infinite diversity.
At L'Oréal, our IT teams design and build solutions to ensure high performance for all our business sectors by imagining new ways of doing things, from designing websites to building algorithms and predicting new trends. They can be found leading teams towards a more connected and digitalized future in IT retail, e-commerce, CRM, data, AI, cybersecurity, Cloud and E-Marketing. You never stop learning at L'Oréal IT because things change at the speed of light! Come join our dynamic team!
The Application Security Senior Analyst is responsible for assisting the Application Security Director in advising IT and business stakeholders on application security and controls, conducting testing, and providing solutions for secure application development.
The ideal candidate for this position can prove competency in secure application development strategies or application penetration testing with a deep understanding of methods and techniques to break and fix applications, and must have hands-on experience in at least two of these areas:
- Using application vulnerability assessment tools for static code analysis (SAST), software composition analysis (SCA), and dynamic code analysis (DAST).
- Identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10, CWE/SANS Top 25 dangerous programming errors and OWASP ASVS.
- Implementation and support of CI/CD pipelines.
- Scaling security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
- Performing security testing and providing remediation (code changes) for application vulnerabilities.
- Conducting application security assessments and tests on web applications, cloud platforms, web services, and mobile applications.
- Developing application security measures and controls that support risk assessments and the development of secure application platforms.
- Developing, testing, and implementing advanced enterprise level application security standards, techniques and tools.
- Web Application Penetration Testing and Mobile Application Penetration Testing.
- Utility development and scripting experience is a major plus.
- Performs security testing and code review to improve software security.
- Investigates, identifies, validates, and drives remediation of security vulnerabilities, configuration issues, and flaws in application code.
- Performs focused risk assessments of existing or new applications, software, and technologies to ensure the protection of the organization’s information assets and our customer information.
- Works closely with application development teams and vendors to provide security expertise on encryption, data masking, authentication, security specific code, and governance.
- Develops and deploys application security and risk management framework/tools.
- Communicates risk assessment findings to stakeholders.
- Identifies and implements appropriate application security controls to effectively eliminate and/or reduce application risks as needed.
- Ensures compliance with industry, regulatory, and L’Oréal Group defined policies and standards.
- Educates developers on secure development and coding best practices.
- Partners with multiple teams across multiple locations with varying sets of priorities to ensure timely delivery of the secure application solution.
- Delivers with accountability on assigned tasks and project commitments.
Candidate Evaluation Competencies:
- Must prove understanding of application design and common security vulnerabilities.
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Ability to contribute to building enterprise application management, governance, and compliance programs.
- Strong organization, prioritization, rationalization, and analytical skills.
- An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
- A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business.
- A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge.
- An ability to communicate complex and technical issues to diverse audiences.
- Deep and thorough knowledge of advanced enterprise level application security standards, techniques, and tools.
- Ability to assess code security vulnerabilities and implement security measures and mitigating controls.
What We Are Looking For:
- BS or higher degree in Computer Science, Information Security, or equivalent experience.
- 3+ years of professional experience in IT security engineering, software engineering, or a computer science-based field.
- Understanding of SSL/TLS, REST, SAML, and OAuth.
- Experience using DevOps tools such as Jira/Confluence, Jenkins, and cloud-based code sharing platforms (e.g., GitHub, Bitbucket, SourceForge).
- Working knowledge of eCommerce platforms such as Salesforce Commerce Cloud is a plus.
- Understanding of database systems including MS SQL, MySQL, Oracle, etc.
- Experience with Agile/SCRUM and Classic (Waterfall) software development models, and thorough knowledge/understanding of enterprise SDLC process.
- Knowledge of web related technologies (web applications, web services, and service-oriented architectures) and of network/web related protocols.
What’s In It For You:
- Competitive Benefit Package (Medical, Dental, Vision, 401K, Pension Plan)
- Hybrid Work Policy (3 Days in Office, 2 Days Work from Home)
- Flexible Time Off (Paid Company Holidays, Paid Vacation, Vacation Buy Program, Volunteer Time, Summer Fridays & More!)
- Access to Company Perks (VIP Access to L’Oréal’s Internal Shop for Discounted Products, Monthly Mobile Allowance)
- Learning & Development Opportunities (Unlimited Access to E-learnings, Lunch & Learn Sessions, Mentorship Programs, & More!)
- Employee Resource Groups (Think Tanks and Innovation Squads)
- Access to Mental Health & Wellness Programs
Don’t meet every single requirement? At L'Oréal, we are dedicated to building a diverse, inclusive, and innovative workplace. If you’re excited about this role but your past experience doesn’t align perfectly with the qualifications listed in the job description, we encourage you to apply anyway! You may just be the right candidate for this or other roles!
We are an Equal Opportunity Employer and take pride in a diverse environment. We would love to find out more about you as a candidate and do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.
If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting [email protected]. If you need assistance to accommodate a disability, you may request an accommodation at any time.
Our Safe Together Plan: Your safety is our highest priority. We will proceed with caution and adhere to enhanced protection standards to ensure our sites are safe for all employees. We must all operate with the shared responsibility for each other’s health & safety in mind.