Senior Security Analyst - AppSec

Senior Security Analyst leads, develops, and executes on the installation, testing, operation and maintenance of the application security hardware and software to ensure the confidential, integrity, and availability of Patterson’s Companies’ customer-facing applications, internal applications, information assets and systems. In this newly created role, you will help in the future growth of the application security program by leveraging the latest technologies, engaging directly with the application development teams, and working collaboratively across multiple business areas.  Additionally, this role will take ownership and drive all aspects of security support, ensuring security and project goals are being met and proactively providing technical support and incident management.

Essential Functions

• Ensure the Application Security tool’s system availability, functionality, configuration, and integration.

• Review and report on core systems, SAST/DAST/SCA/API/Secrets/IaC tools.

• Review outputs and provide recommendations to developers and security champions.

• Log and follow up incidents, bugs, and impediments in ticketing system.

• Validate pen test results and document action plans for remediation.

• Perform code reviews for major releases.

• Oversees the maintenance, support, and delivery of associated security platforms.

• Drives continuous improvements in acting on alerts, service requests, and incidents.

• Integrates best practices to proactively analyze and monitor systems and applications for system and security related issues.

• Considered subject matter expert in assigned platforms and keeps up-to-date knowledge to drive improvements.

• Strong mentor with the ability to work with junior team members and provides leadership and training on new tools or projects.

Additional functions

In addition to the essential functions listed above, the incumbent may perform the following additional functions.

• Ability to work cross-functionally with members of the Information Security Team to support Patterson Companies compliance initiatives and business continuity requirements.

• Contribute to the development of enterprise-wide best practices for Application Security.

• Create documentation of environment configuration and how each area is maintained.

• Deliver up-to-date metrics for various verticals within the Application Security toolsets.

• Express relevant information appropriately to individuals or groups, considering the audience and the nature of the information.

Required Qualifications

• Bachelor’s Degree with an emphasis in security, technology, or engineering or equivalent work experience.
• At least 4 years work experience in information technology, cyber security, or information security.
• Knowledge of manual testing tools (i.e Burp Suite Pro, Fiddler, Owasp Zap, Kali, or Postman)
• Knowledge of and experience with Application Security tools such as Burp Suite, Invicti Netsparker, Veracode, Checkmarx, Gitleaks, Noname, or Qualys.
• Experience with the integration of tools into development pipelines
• Understanding of a broad range of Application Security issues as well as their mitigation strategies
• Understanding of Application Security related vulnerabilities, OWASP Top 10 and OWASP Top 10 API Security Risks
• Familiar with Thick Clients, WebApps, SPA, MVC, API, Microservices.
• Knowledge of security risk and capabilities in IaaS, PaaS, Saas.
• Coordinate, guide and follow-up results from Pen Test as a Service.
• Experience with reviewing source code written in .NET, C, C++, C#, JavaScript, Angular and related languages.
• Written communication skills for written interactions with clients, vendors and upper management.
• Familiarity with Cloud Solutions, CNAPP, CIEM, CSPM, Kubernetes, OAuth, or APIM.
• Experience with creating overall metrics of the application security program.
• Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information.
• Drives continuous improvements in acting on alerts, service requests, and incidents.

Preferred Certifications

• Certified Ethical Hacker – (C|EH).
• GIAC Certified Web Application Defender (GWEB).
• (ISC)² - CISSP.
• MSFT – Certified Cloud Security Professional (CCSP).
• Burp Suite Certified Practitioner – (BSCP).