Sr Application Security Analyst

Ifintalent Global Private Limited
Bangalore, 6-8 LPA, Posted 10 Apr 2025
FULL TIME
OWASP Top 10
Object Oriented Programming
DevSecOps

Job Description

Role and Responsibilities Include:

  • Conduct regular security assessments (SAST/SCA/DAST) utilizing both automated and manual methods to identify security vulnerabilities.
  • Assess the risk of identified vulnerabilities as per Broadridge Security Standards and document them with proper proofs of concept, as necessary.
  • Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices.
  • Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices.
  • Assess risks reported in the vulnerability assessment results and other security-related data, and prioritize remediation actions.
  • Integrate security practices into the CI/CD pipeline to identify and address vulnerabilities early in the development cycle, and maintain the tooling in the CI/CD pipeline.
  • Conduct regular security group reviews.
  • Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness.
  • Awareness of working in, and adapting to, an Agile environment.

Skill Requirements:

  • A bachelor's or higher degree in Computer Science, Computer Engineering, or a similar discipline.
  • Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, with extensive knowledge of any one object-oriented programming language.
  • Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues.
  • Strong web application security experience with a thorough understanding of web application vulnerabilities and secure coding practices.
  • Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure.
  • Deep understanding of OWASP methodologies for web, API, mobile, CI/CD, and LLM.
  • Knowledge of cloud (AWS, Azure) architecture.
  • Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools.
  • Understanding of Security Policies, Procedures, Audit, and Compliance requirements.
  • Skills in Terraform/Chef/Python/Perl/Ruby are desired.
  • Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics.

Soft Skills:

  • Excellent communication and presentation skills.
  • Ability to work collaboratively and build consensus is essential.
  • Ability to manage multiple priorities effectively.
  • Strong analytical and problem-solving skills with attention to detail.
  • Willingness and capability to self-learn.

Good to Have:

  • Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage.
  • Experience in assessing and enhancing security of cloud-based environments and services.
  • Experience in AWS security involving tools and processes.
  • Experience in container/Kubernetes security.
  • Active participation in the security communities and groups.
  • Demonstrated commitment to staying up to date with emerging security threats and technologies.
  • Hold at least one applicable industry certification: CEH, CISSP, OSCP, CISM, Cloud Security, etc.