Application Security Analyst - Full-time / Part-time

What we are looking for:

Angie’s List is seeking an Application Security Analyst, responsible for working with application developers, development managers, product managers, and business units to implement security and technology controls, processes, and best practices for in-house and third-party applications. The Application Security Analyst provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment.

What you will do:

• Serve as the primary technical contact and expert in all aspect of application security.
• Be a hands-on subject matter expert (SME) working directly with the application developers and project teams by directly participating in application development and procurement processes 
• Assess application security posture through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities.
• Provide remediation guidance to development teams.
• Develop, implement and manage application security policies, standards, procedures, and guidelines that will assist the application development teams in integrating security requirements within their applications and databases.
• Research, recommend, implement, and maintain application security tools.
• Serve as the AppSec subject matter expert for the Incident Response team and investigate any possible incidents impacting the company 
• Perform other related duties as assigned.

What you will have:

• Possession of an undergraduate degree in computer information technology, computer engineering, or related degree.
• Minimum 3 year of Application Security experience through employment, community involvement, academic or self-study required.
• CISSP, CSSLP, GWAPT, or related certification(s) preferred 
• Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc. 
• Exposure with software penetration testing, secure code review, architectural risk assessment, static code analysis.
• Proficiency in one or more of the following languages: Java/J2EE, Scala, JavaScript, & Python.
• Ability to communicate effectively via multiple channels with technical and non-technical staff.
• Ability to be versatile and handle multiple projects and re-prioritizations.
• Ability to maintain self-motivation and to work independently and in team environments.

ADDITIONAL INFORMATION:

• Some evenings, overnight, and weekend work may be occasionally required for deployments and releases.  

*LI-JS1