The Application Security Analyst position is responsible for analysis, maintenance, and security report generation, and assists the enterprise security team in maintaining the integrity of our web application firewalls. This role provides technical consulting to management, business users, security teams, and technical associates to assure that applications are secure.
Essential Functions
Strategy & Planning
Planning for normal and emergency patches to the infrastructure and software.
Maintain knowledge of best security practices through training, research, and involvement with local IT security groups.
Reviewing security software advances and making recommendations for upgrades or new tools to support application development.
Acquisition & Deployment
Work with the security teams and management by creating reports to track security flaws at an enterprise level.
Hold regular meetings with development teams to review application security status
Identify and help application developers remediate potential security flaws.
Operational Management
Provide support for application security scanning tools
Work with vendors to support new and existing tools and environments
Schedule and lead regular security reviews
Assist other security team members in remediating critical and high security flaws that have surfaced.
Work with the development teams, configuration management, and release management teams to include security reviews and scans as part of the regular code releases.
Incidental Functions
Conduct research into new technologies, including tools, components, and frameworks.
Mentor and coach developers and/or Professional Apprentices.
Project and task management and reporting as necessary.
Make presentations to management, clients, and peer groups as requested.
Provide tier two, on-call support for critical web application problems and issues.
Analyze performance of programs and take action to correct deficiencies based on consultation with clients and approval of supervisor.
Minimal travel as required.
Work outside the standard 7.5-hour office workday as required.
Position Requirements
Formal Education & Certification
Bachelor's degree or foreign equivalent in a related field, or equivalent experience.
Knowledge & Experience
· 2 years of IT experience.
· Experience working on all phases of the Software Development Lifecycle.
· Familiar with application security practices.
· Familiar with OWASP, security code review, threat modeling, or application penetration assessment.
Personal Attributes
Good analytical, conceptual, and problem-solving abilities.
Strong written and oral communication skills.
Proven ability and initiative to learn and research new concepts, ideas, and technologies quickly.
Experience working in a team-oriented, collaborative environment.
Ability to translate an idea or need into a completed solution or work product.
Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information or any other consideration prohibited by law or contract.
VEVRAA Federal Contractor requesting appropriate employment service delivery systems, such as state workforce agencies and local employment delivery systems, to provide priority referrals of protected veterans.
The year 2016 is a unique moment in the history of Sherwin-Williams — it’s our 150th anniversary. We are proud to honor our founders Henry Sherwin and Edward Williams, and the thousands of men and women who have shaped our company since 1866...