As a leading provider of human capital solutions, we help our clients and their people navigate the complexity of health, wealth and HR. We combine data-driven, consumer-centered technology with personalized care and service to deliver a superior customer experience. Our dedicated colleagues across 28 global centers help 23 million people and their 11 million family members simplify work and life, both now and in the future. At Alight, we are reimagining how people and organizations thrive.
The Application Security Analyst is a key member of the Security Architecture and Engineering team. They will work closely with other members of the Information Security team, development team members and business owners of applications, with the goal of helping to identify, mitigate and remediate security risks throughout the application portfolio. The right candidate is a self-starter with excellent development skills who can perform duties such as, but not limited to, researching and developing secure coding methodologies and providing experienced guidance on secure application development, design and testing.
Key Duties & Responsibilities
- Communicate application security program fundamentals and processes, and act as a consultative partner and subject matter expert on application security tools and techniques
- Provide guidance to the development teams on secure coding best practices
- Participate in IT projects, providing security reviews and remediation recommendations based on industry standards
- Work with application development teams to implement tools into the SDLC (SAST/DAST and Open Source)
- Develop tools to enhance the application security program
- Review and validate results of various automated and manual security tests (e.g., static analysis, dynamic analysis, and 3rd party penetration tests) and provide expert guidance to development and engineering teams on how to effectively remediate findings
- Foster a culture of security by educating development teams on application security best practices and techniques
Essential Technical / Professional Qualifications
- Previous application security risk assessment or audit work experience
- Strong knowledge of web and mobile application vulnerabilities, exploits and remediation techniques
- Hands-on experience with common web application testing tools for Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA) and Interactive Application Security Testing (IAST) analysis.
- Strong knowledge of OWASP Top 10 and the ability to articulate application security risks, determine threat level and effective remediation or mitigation techniques
- Experience integrating security within a DevOps environment
- BS degree in Computer Science, a similar technical field of study, or equivalent practical experience
- Must be a strong communicator while also understanding the product and application domain so that you can bridge between security and development teams
- Excellent project management skills, experience creating application documentation, and demonstrated ability to teach less experienced colleagues
- Related certifications from ISC2, ISACA, GIAC or similar organizations are a plus