BethesdaRecruiter Since 2001
the smart solution for Bethesda jobs

Senior Application Security Analyst

Company: Walker & Dunlop
Location: Bethesda
Posted on: September 8, 2020

Job Description:

Ready to bring your whole self to work every day? At Walker & Dunlop, we didn't get to where we are by hiring ordinary individuals. We got here by hiring the exceptional! WD is looking for individuals who are caring, collaborative, driven, insightful, and tenacious to join our team! If you are looking to join a growing information technology team, the below opportunity may be for you. This position is responsible for validating that application services are designed and implemented with high security standards. The role analyzes the security of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Additionally, the senior application security analyst addresses legacy and emerging security issues and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. As issues are uncovered, this position communicates with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk. Application security analysts are constantly assessing applications for weaknesses and finding resolutions before they can be abused. This position is also responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Considered a highly knowledgeable individual, the senior application security analyst is expected to recommend programmatic controls and monitor and manage secure development practices to address modern day issues. Application security analysts think like attackers, but always acts with integrity and do not abuse their privilege. In addition, this position is responsible for security program maturity efforts, strategic thinking, and initiatives related to application security; researches current security threats and makes recommendations to counter; and analyzes, plans, designs, and implements security solutions for information security assurance. What you will be doing: - Hold responsibility for application security standards, assessments and code review as part of the software development lifecycle (SDLC) - Perform vulnerability and penetration testing - Document security findings with reasonable methods to secure - Focus on automation to aid in efficiencies with both testing and remediation of findings - Work in tandem with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments - Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing - Attend and participate in application projects and change management committees which includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning - Fully define and follow a security review process to ensure an automated and repeatable process is managed; this can be through the use of dynamic and static code analysis resources - Use security standards and implementation configurations, as well as common security frameworks. - Prepare for and manage bug bounty programs. - Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics - Align with architects and development teams for a mission of secure design - Train developers and junior application security engineers on weaknesses to avoid - Actively participate and lead security team meetings that facilitate secure design - Work in tandem with architects, the security operations center (SOC), incident responders (when anomalous activity and host compromise occurs), and technology infrastructure and development team members - Respond to and handle service and escalation tickets within SLA expectations - Develop security test plans from architectural design; identify deficiencies and make enhancements to ensure production is not impacted - Drive security efficiencies, enabling security team members to work on more advanced tasks - Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted - Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle - Ensure applications have proper logging - Continue to drive security evaluation earlier in the cycles through iterative security testing - Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities - Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software - Assist with periodic security risk assessments, IT security audits, and management reporting - Assess, design, implement, automate, and document security solutions and processes for Amazon Web Service (AWS), MS Azure, GCP, SaaS applications and other cloud platforms - Work with end users on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built in application security controls - Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline - Implement and automate security as code using cloud services and CI/CD components as necessary - Represent Information Security in disaster recovery procedures and exercises - Log and update all security incidents in the company's ticketing system and update management regularly on the threats, mitigation plans, and status - Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure - Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders, often in combination with travel - Other skills related to building a career in application security! The education and experience we're looking for: - Bachelor's degree in computer science or related field or equivalent technical or professional experience related to the design, architecture, application development, and cloud architecture - Minimum of 5 years of experience with commonly used programming tools, workflows, and concepts - Significant technical experience in at least 3 of the following: Python, Bash, Ruby, Azure, GCP, AWS, REST APIs - Strong experience with application security (SAST, DAST, IAST) tools preferred - Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes - Proficient and up to date with Azure, GCP, AWS security services and pros/cons to implementing each - Hands on experience with Azure Resource Manager, GCP Deployment manager, AWS CloudFormation - Significant technical experience in Cloud Computing technologies and automation (HashiCorp, Terraform, Ansible, Cloudformation, etc.) - Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security - Experience with or understanding of a broad range of security technologies including SAST, IDS/IPS, IAM, Certificate Management, etc. is a plus - Security training or education preferred (e.g. SANS/GIAC, ISC2, ISACA, EC-Council, Offensive Security, etc.) - Experience with forensics and vulnerability management systems are a plus - Industry certifications are preferred What skills you should have: - Ability to read and understand code as well as ability to script - Familiarity with Web Application Firewalls - Possess excellent verbal and written communication skills and are able to navigate in an environment with both highly technical and nontechnical individuals - Have passion for technology, security and innovation - Familiarity with commonly used CI/CD pipelines, programming tools, workflows, and concepts - Ability to work independently and in a team-oriented, collaborative environment - Ability to conform to shifting priorities, demands, and timelines through analytical and problem-solving capabilities - Ability to remain flexible during times of change and react to project adjustments and alterations promptly, efficiently and positively - Must be able to learn, understand and apply new technologies - Extensive knowledge of application development security best practices as they relate to policies and procedures, configuration, and implementation - Extensive knowledge of cloud environments including security, configuration, and management - Ability to work well within a deadline-driven environment - Familiarity with Linux operating systems - Ability to lift 50lbs - Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes - Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders Still reading? Then we think you should apply! EEO Statement Walker & Dunlop is an equal employment opportunity employer and does not discriminate based on race, color, national origin, religion, gender identity, sexual orientation, sex, age, disability, veteran or military status, genetic information, or any other characteristic protected by applicable law. SPAM Please be wary of recruitment scams. An indication of a scam might be a request for sensitive or bank information at the time of application or emails coming from a non email address. Please call us at , if you have any concerns about information requested during or after the application process.

Keywords: Walker & Dunlop, Bethesda , Senior Application Security Analyst, Professions , Bethesda, Maryland

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Other Professions Jobs


Warehouse Laborer (Flexible Shifts Available) - Earn $15/hr or more
Description: Shifts: br Overnight, Early Morning, Day, Evening, Weekend br br Location: br Springfield, Arlington, Washington DC, Ashburn, Sterling br Job opportunities vary by location. We update postings (more...)
Company: Amazon
Location: Burke
Posted on: 09/28/2020

Master Electrician
Description: This is skilled electrician work at the journey or master level. An employee in this class works
Company: AD-T3CH
Location: Lancaster
Posted on: 09/28/2020

Amazon Warehousing Worker (Flexible Shifts Available) - Earn $15/hr or more
Description: Shifts: br Overnight, Early Morning, Day, Evening, Weekend br br Location: br Springfield, Arlington, Washington DC, Ashburn, Sterling br Job opportunities vary by location. We update postings (more...)
Company: Amazon
Location: Burke
Posted on: 09/28/2020


Warehouse Laborer (Flexible Shifts Available) - Earn $15/hr or more
Description: Shifts: br Overnight, Early Morning, Day, Evening, Weekend br br Location: br Springfield, Arlington, Washington DC, Ashburn, Sterling br Job opportunities vary by location. We update postings (more...)
Company: Amazon
Location: Chantilly
Posted on: 09/28/2020

Amazon Warehouse Attendant (Flexible Shifts Available) - Earn $15/hr or more
Description: Shifts: br Overnight, Early Morning, Day, Evening, Weekend br br Location: br Springfield, Arlington, Washington DC, Ashburn, Sterling br Job opportunities vary by location. We update postings (more...)
Company: Amazon
Location: Burke
Posted on: 09/28/2020

Warehouse Team Member - Earn up to $640 a Week
Description: br Shifts: br Day, Weekend br br Location: br Hagerstown, MD br br Earn 15/hr or more br br br Immediate openings available now. Start as soon as 7 days. No resume or previous work (more...)
Company: Amazon
Location: Leesburg
Posted on: 09/28/2020

CDL-A Truck Drivers: HOME WEEKLY
Description: LIMITED TIME Dedicated Openings for Class A CDL Drivers: HOME WEEKLY with 1200 Weekly Minimum Drive newer equipment and receive great benefits U.S. Xpress Company Drivers and Their Families (more...)
Company: US Xpress
Location: Lancaster
Posted on: 09/28/2020

Gutter Protection Installer
Description: Job DescriptionLeafFilter Gutter Protection Installers needed for immediate work as independent contractors. We provide in-depth knowledge so you can correctly and efficiently install our gutter protection (more...)
Company: LeafFilter
Location: Chantilly
Posted on: 09/28/2020

Data Analyst
Description: Reporting to the Data Analytics Manager the Data Analyst is responsible for designing and building complex business/client reports, and dashboards using business intelligent tools and automating them (more...)
Company: COFENSE
Location: Leesburg
Posted on: 09/28/2020

Amazon Warehouse Attendant (Flexible Shifts Available)
Description: Shifts: br Overnight, Early Morning, Day, Evening, Weekend br br Location: br Springfield, Arlington, Washington DC, Ashburn, Sterling br Job opportunities vary by location. We update postings (more...)
Company: Amazon
Location: Chantilly
Posted on: 09/28/2020

Log In or Create An Account

Get the latest Maryland jobs by following @recnetMD on Twitter!

Bethesda RSS job feeds