Employment Type: Full-Time
Location: Benito Juarez
The Application Security Senior Analyst is responsible for assisting the Application Security Director in advising IT and business stakeholders on application security and controls, conducting testing, and providing solutions for secure application development.
The ideal candidate for this position can prove competency in secure application development strategies or application penetration testing with a deep understanding of methods and techniques to break and fix applications, and must have hands-on experience in at least two of these areas:
· Using application vulnerability assessment tools for static code analysis (SAST), software composition analysis (SCA) and dynamic code analysis (DAST).
· Identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10, CWE/SANS Top 25 dangerous programming errors and OWASP ASVS.
· Implementation and support of CI/CD pipelines.
· Scaling security within the SDLC through automation, using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
· Performing security testing and providing remediation (code changes) for application vulnerabilities.
· Conducting application security assessments and tests on web applications, cloud platforms, web services, and mobile applications.
· Developing application security measures and controls that support risk assessments and the development of a secure application platform.
· Developing, testing, and implementing advanced enterprise level application security standards, techniques and tools.
· Web Application Penetration Testing and Mobile Application Penetration Testing.
Utility development and scripting experience is a major plus.
The key responsibilities of the role are as follows:
· Performs security testing and code review to improve software security.
· Works closely with application development teams and vendors to provide security expertise on encryption, data masking, authentication, security specific code, and governance.
· Develops and deploys application security and risk management framework/tools.
· Communicates risk assessment findings to stakeholders.
· Identifies and implements appropriate application security controls to effectively eliminate and/or reduce application risks as needed.
· Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards.
· Educates developers on secure development and coding best practices.
· Partners with multiple teams across multiple locations with varying sets of priorities to ensure timely delivery of the secure application solution.
· Delivers with accountability on assigned tasks and project commitments.
Candidate Evaluation Criteria
Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency in the following competencies:
Typical Education and Experience
o Experience with Agile/SCRUM and Classic (Waterfall) software development models, and thorough knowledge/understanding of enterprise SDLC process.