- Entry level
- No Education
- Salary to negotiate
- Berkeley Heights
Berkeley Heights, NJ
The Application Security Analyst is responsible for assisting Application Security Manager in advising IT and business stakeholders on application security and controls, conduct testing and provide solutions for secure application development.
The ideal candidate for this position can prove competency in secure application development strategies or application penetration testing with a deep understanding of methods and techniques to break and fix applications, and must have hands-on experience in at least two of these areas:
- Scaling security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
- Performing security testing and providing remediation guidance for application vulnerabilities.
- Developing application security measures and controls that support risk assessments and the development of secure application platform.
- Developing, testing and implementing advanced enterprise level application security standards, techniques and tools.
- Using application vulnerability assessment tools for static and dynamic code analysis.
- Conducting application security assessments and tests on web applications, cloud platforms, web services, and mobile applications
- Identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE/SANS Top 25 dangerous programming errors.
- Network. Penetration Testing
- Application Penetration Testing
- Utility development and scripting experience is a major plus.
The key responsibilities of the role are as follows:
- Performs security testing and code review to improve software security.
- Investigates, identifies, validates, and drives remediation of security vulnerabilities, configuration issues, and flaws in application code.
- Performs focused risks assessments of existing or new applications, software and technologies to ensure the protection of the organization’s information assets and our customer information.
- Works closely with application development teams and vendors to provide security expertise on encryption, data masking, authentication, security specific code, and governance.
- Develops and deploys application security and risk management framework/tools.
- Communicates risk assessment findings to stakeholders.
- Identifies and implements appropriate application security controls to effectively eliminate and/or reduce application risks as needed.
- Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards.
- Educate developers on secure development and coding best practices.
- Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure application solution.
- Deliver with accountability on assigned tasks and project commitments.
Candidate Evaluation Criteria
Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:
- Must prove understanding of application design and common security vulnerabilities
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Contribute in building enterprise application management, governance and compliance programs.
- Strong organization, prioritization, rationalization and analytics skills
- An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
- A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business.
- A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge.
- An ability to communicate complex and technical issues to diverse audiences.
- Deep and thorough knowledge of advanced enterprise level application security standards, techniques and tools.
- Ability to assess code security vulnerabilities, implement security measure and mitigating controls.
Typical Education and Experience
- BS or higher degree in Computer science, Information Security, or equivalent experience
- 3+ years of professional experience in IT security engineering, software engineering, or computer science based field.
- Understanding of SSL/TLS, REST, SAML, OAuth,
- Experience using DevOps tools such as Jira/Confluence, Jenkins, and cloud-based code sharing platforms (i.e. GitHub, Bi
About the company
The L'Oréal Group is a French cosmetics and beauty company, headquartered in Clichy, Hauts-de-Seine. It is the world's largest cosmetics company, and has a registered office in Paris. It has developed activities in the field of cosmetics, concentrating on hair colour, skin care, sun protection, make-up, perfumes and hair care, the company is active in the dermatology, toxicology, tissue engineering, and biopharmaceutical research fields and is the top nanotechnology patent-holder in the United States.