Application Security Specialist

  • Ascension
  • St. Louis, MO, USA
  • May 15, 2019
Security | Security Analyst

Job Description

Application Security Specialist - Infra Security - Full-Time, Day - MOSTL 4600 Headquarters - St Louis, MO
Why Join Ascension?
Ascension Technologies is one of the nation's largest healthcare information technology services organizations.
We provide Ascension and its subsidiaries low-cost, high-value IT infrastructure and software application services that:
• Support rapid and effective clinical decision making
• Improve efficiency and care transitions
• Foster information sharing across the continuum of care
• Make knowledge and data actionable, leading to improved patient outcomes

What You Will Do
As an Application Security Specialist with Ascension Technologies, you will have the opportunity to lead the design and execution of deployed business application systems. You will mentor less-experienced staff, with responsibility for their technical development.
The Application Security Analyst will focus on evaluating the security posture of Web Applications, Mobile Applications, APIs and Web Services. The Application Security Analyst will work jointly with Development Teams and Architects to review application code and be able to articulate the security posture of applications and back-end systems. The analyst will conduct web and mobile application security vulnerability assessments using Static Application Security Testing (SAST) and/or Dynamic Application Security Testing (DAST), using scanning tools and manual checks, and notify the appropriate development team to take necessary action. An understanding of modern web application development languages is necessary to communicate mitigating controls and potential remediation activities.
Responsibilities:
  • Develops partnerships with senior users to understand their business needs and define future application requirements. Evaluates the applicability of leading edge technologies and uses this information to significantly influence future business strategies.
  • Analyzes complex business and competitive issues and discerns the implications for systems support. Designs, directs and performs analyses to resolve complex first-time project issues, including analysis of the technical and economic feasibility of proposed system solutions.
  • Designs projects with broad implication for the business and/or the future architecture, successfully addressing cross-technology and cross-platform issues. Balances and negotiates the needs of multiple users and communicates the business advantages of various technical solutions.
  • Manages customer expectations and ensures prompt and complete customer service. Customizes presentations to the interests of the audience.
  • Develops expert understanding of applications development processes, and in-depth knowledge of leading edge technologies to create plans for future technology use.
Desired Responsibilities:
  • Work with developers to refine security checkpoints in the SDLC that are based on industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
  • Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
  • Use automated tools along with manual testing to perform source code security analysis to identify vulnerabilities and attack vectors in web applications.
  • Work with information security analysts to refine web application penetration testing methods and breadth of security services.
  • Obtain and review all required artifacts as part of various security checkpoint phases in the development lifecycle.
  • Assist with periodic security risk assessments, IT security audits, and management reporting.
  • Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
What You Will Need
Education:
  • Diploma 
    • High school diploma/GED with 2 years of experience, or Associate's degree, or Bachelor's degree required
Work Experience:
  • 1 year of experience required. 4 years of experience preferred. 2 years of leadership or management experience preferred
Desired Skills and Work Experience:
  • Two years of experience with a focus on web application security methods preferred.
  • Security risk assessment and systems security audit work experience is highly desired.
  • Experience working with common application security tools such as Fortify or BurpSuite is a plus.
  • CISSP, CEH or other technical security certifications preferred
  • Self-starter with the ability to perform tasks as an individual contributor or as a project lead.
Equal Employment Opportunity
Ascension Technologies is an EEO/AA Employer M/F/Disability/Vet. Please click the link below for more information.
 
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
 
EEO is the Law Poster Supplement
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/ofccp_eeo_supplement_final_jrf_qa_508c.pdf
E-Verify Statement
Ascension Technologies participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.
E-Verify (link to E-verify site)