Sr. Application Security Analyst
Contract Type: Full Time
Sr. Application Security Analyst-HOP03969
Working at Cargill is an opportunity to thrive—a place to develop your career to the fullest while engaging in meaningful work that makes a positive impact around the globe. You will be proud to work for a company with a strong history of ethics and a purpose of nourishing people. We offer a diverse, supportive environment where you will grow personally and professionally as you learn from some of the most talented people in your field. With 150 years of experience, Cargill provides food, agriculture, financial and industrial products and services to the world. We have 150,000 employees in 70 countries who are committed to feeding the world in a responsible way, reducing environmental impact and improving the communities where we live and work. Learn more at www.cargill.com.
As a Senior Application Security Risk Analyst, you will be part of the Global Technology, Governance, Risk and Control team that develops and oversees application security, ensuring software is developed and managed according to the Cargill Secure Development processes.
Working with the application development teams, the Sr. Application Security Analyst will monitor, assess, and fine-tune the Application Development policies through incident monitoring and analysis, as well as tracking remediation of system/application vulnerability assessment scan findings and third-party risk assessment reviews, as required.
Responsible for application security policy development and maintenance at the enterprise level.
Monitoring compliance with corporate Information Security policy and applicable law.
Assist in developing and providing monthly metrics to leadership.
- Partner with developers to consult and refine security checkpoints in the SDLC that are based on industry-accepted doctrine such as CIS 20, OWASP and/or ISO security standards.
- Proactively identify and develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
- Partner with vendors that provide our code scanning capabilities.
- Participate on IT project teams, ensuring application risk and security issues are identified and addressed.
- Applying an advanced level of knowledge, collaborate with business partners within Cargill to ensure alignment to risk and security policies, standards, and best practices.
- Use automated tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
- Consult with information security analysts to refine web application penetration testing methods and breadth of security services.
- Obtain and review all required artifacts as part of go/no-go analyses at security checkpoint phases in the development cycle.
- Conduct periodic application risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
- Train developers in the use of industry-standard tools to conduct static/dynamic code reviews prior to software being implemented in a production environment.
This position can be done remotely for candidates based in the United States.
- Bachelor's Degree in business or information systems or a minimum of 10 years of IT experience
- 3 years of IT experience working in application security
- 3 years of experience working on IT or software development projects
- Experience working with code scanning toolsets.
- Knowledge of OWASP tools and methodologies
- Understanding of HTTP and web programming
- Knowledge of standard SDLC practices
- Ability to complete tasks and deliver professionally written reports for clients
- Ability to present findings to technical staff and executives
- Strong ethics and understanding of ethics in business and information security
- Proficient English language written and oral communication skills
- Understanding and familiarity with common code review methods and standards
- Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
- Experience with web application vulnerability scanning tools (e.g., Qualys, IBM AppScan, HP WebInspect)
- Experience working in software development
- Degree in either Computer Engineering, Computer Science, or Information Systems Management
- Experience with high-level programming languages (e.g., Java, C, C++, .NET (C#, VB))
- Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
- Possess current security certifications (e.g., CISSP, CEH)
- Experience working with Web Application Firewalls
- Knowledge of common security requirements and how they work within ASP.NET applications
Equal Opportunity Employer, including Disability/Vet.
Job: Information Technology
Primary Location: US-MN-Hopkins
Other Locations: United States
Job Type: Standard
Shift: Day Job