APPLICATION SECURITY ANALYST SKILLS, EXPERIENCE, AND JOB REQUIREMENTS
Updated: July 29, 2024 - The Application Security Analyst excels in executing application layer penetration testing and bolstering security measures across diverse technologies. Proficient in programming and wielding a range of security certifications, they adeptly fortify systems against cyber threats. Their expertise spans network, system, and application security, ensuring robust defenses in compliance with industry standards and regulations.
Summary of Application Security Analyst Knowledge and Qualifications on Resume
1. BS in Information Technology with 5 years of experience
- Must have one of the following certifications; CAP, CASP+CE, CISM, CISSP, GSLC, CCISO
- Experience in at least one: Fortify, Sonatype, WebInspect, or Burp
- Must be a US citizen and have a Secret clearance with SSBI with the ability to obtain and maintain a top-secret clearance
- Excellent communication and analytical skills
- Fortify, Sonatype, WebInspect, and/or Burp Suite experience
- Hands-on experience in scripting such as PowerShell, Python, or Bash
- Software vulnerability knowledge
- Microsoft, Linux, Java, C++ or CEH certification
- Understanding of Software Development Lifecycle
- Strong technical writing skills and know boost library, QT
- Very organized and detailed oriented. All requests will be time sensitive with short turnarounds.
- Know Web Application Security (OWASP, WASC, etc)
- Know web browser engines (Webkit)
- Understand character set encoding and internationalization issues
- Experience in developing security-related tools/programs
2. BS in Cybersecurity with 2 years of experience
- Excellent verbal and written communication skills
- Ability to communicate with employees at all levels of the organization
- Strong knowledge and understanding of both state and federal employment laws
- Excellent presentation and facilitation skills and excellent interpersonal skills
- A demonstrated commitment to high professional ethical standards and a diverse workplace
- Ability to adapt to a fast-paced continually changing business and work environment while managing multiple priorities
- Proficient in Microsoft Office Suite
- Ability to show understanding of UTM/NGFW Rules
- Knowledge of the overall information security policies, program, and risk posture as well as capabilities including but not limited to access management and encryption
- Possess ability to articulate security requirements and tasks that need to take place throughout the Solution Development Lifecycle
- Possess ability to identify deficiencies in security, risk, or compliance and articulate options for compensating controls to both technical and non-technical audience
- Ability to research and perform Risk Assessments
- Ability to document application architecture artifacts.
3. BS in Computer Science with 8 years of experience
- Hands on in executing application layer penetration testing tasks
- Good understanding of the architecture, administration, and management of operating systems (various Linux distros, Windows, etc.), networking, and virtualization software.
- Programming proficiency by creating scripts to automate repetitive tasks
- Security Certifications such as CCSK, CEH, CPT, OSCP, CVA, CRISC would be a strong asset
- Experience using penetration testing tools (e.g. Nessus)
- knowledge of modern development languages (e.g. Java, .NET, C/C++, JavaScript) and scripting languages (Python, Perl, Bash, etc.).
- Strong experience with network, system and application security controls
- Working knowledge in security architectures and design principles and understanding of security principles as relate to software and networks
- Demonstrated knowledge of authentication, access controls, encryption
- Ability to quickly learn the fundamentals of new technology and consistently evaluate its security needs according to policy, best practice, precedents, and business needs
- Experience working with regulatory or industry compliance standards (OWASP, SANS)
- Familiarity with WildFly, Web Servers (Apache, IIS), Front end technologies (Browsers/HTML/JS/CSS), RDBMSs(Oracle, SQL Server, PostgreSQL), Operating Systems (Windows/Linux/Android/iOS),
- Cloud Computing (AWS, serverless, Azure) experience is a string asset
4. BS in Software Engineering with 3 years of experience
- Experience Helping key stakeholders understand vulnerability results, provide guidance and evaluating false positives.
- Experience Maintenance of documents, procedures, reporting and communications.
- Experience Focuses on analysis and validation or scan results, providing remediation recommendations, remediation tracking and reporting.
- Experience Executing vulnerability scans
- Experience Penetration Testing
- Experience analyzing penetration testing results
- Experience Working knowledge of features and functions of applications/modules to field, analyze and resolve customer issues
- Experience with one or more; Tenable, Rapid7 or Qualys and Experience with OWASP
- Preferred certifications - CISSP, CCSE, VCP, CCDA, CCNA
- Experience Understanding of regulatory, legal and security best practices - GDPR, NYS DFS 23 NYCRR part 500, SOX, ISO 27001/27002
Relevant Information
Application Developer Skills, Experience, and Job Requirements
Application Programmer Skills, Experience, and Job Requirements
Application Security Engineer Skills, Experience, and Job Requirements
Application Project Manager Skills, Experience, and Job Requirements
Application Scientist Skills, Experience, and Job Requirements