Application Security Analyst
CaseWare, Canada

• Responsible for Static Application Security Testing (SAST), and review security scan results and work closely with the development team to prioritize security vulnerabilities identified using a risk-based approach.
• Participate in and support Dynamic Application Security Testing (DAST) and conducting penetration testing against CaseWare’s applications.
• Participate in and support application security reviews and threat modeling.
• Support and consult with product and development teams in the area of application security.
• Develop scripts and/or automation and work with development and operation stakeholders to integrate automated security tools into the CI/CD pipeline.
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Research, identify, administer and support application security analysis tools.
• Integrate security tools, standards, and processes into the software development life cycle (SDLC).
• Manage application security framework and security technology improvement projects.
• Be able to think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
• Perform any other application security or product security related activities or tasks as needed or directed.
• Develop strong relationships across various levels of an organization to bring about positive results and communicate requirements effectively.

• Can demonstrate experience in application security concepts such as secure coding, design or development and industry application security standards and best practices.
• Has experience in performing manual penetration testing of applications to identify and recommend remediation to common.
• Has experience in conducting risk assessment for application related security findings.
• Has a good understanding of penetration testing processes, procedures and scoping requirements.

• Bachelor's degree in Computer Science or Engineering field.
• An approach to application security from the risk management perspective.
• Strong track record of using application security testing tools to perform static, dynamic code analysis, and penetration testing.
• Deep hands-on experience with agile development processes and have experience integrating secure development practices into the model.
• Experience writing and testing web applications and web services in the following programming languages: C/C++, Java, Python, TypeScript and JavaScript.
• Experience working with a variety of development and testing tools, including: IntelliJ, Git, Jira, Confluence, Maven, New Relic, Jenkins, Cypress, Docker.
• Expertise working with one or more SAST, DAST and IAST tools such as Veracode, BurpSuite, OpenVas, OWASP ZAP, NMAP, and Dependency-Track.
• Experience in identifying and remediating common web application vulnerabilities as per the OWASP Top 10 and CWE 25.
• Experience in application security concepts such as secure coding, design or development and industry application security standards and best practices.
• Experience with cyber security attacks and best practices for mitigation methods.
• Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection.

Job Rewards and Benefits