Global jr product expert bilingüe

Application Security Analyst is responsible for identify threats, vulnerabilities and risks in our Web, Mobile and Desktop application, APIs and infrastructure during their design, coding, and testing process.

Responsibilities:
• Recommend security requirements controls for applications
• Using hypothetical scenarios, systems diagrams and testing bring recommendations to secure systems and data: Threat modeling.
• Work with developers to refine security checkpoints in the SDLC that are based on OWASP TOP 10 and other industry-accepted doctrine such as NIST SP 800-115 and/or ISO security standards.
• Use automated DAST and SAST tools to perform source code security analyses to identify vulnerabilities and attack vectors in web, mobile, desktop applications and API, as well as utilize hacking and pen-testing techniques to target Web, Mobile, Desktop apps, infrastructure, and API test their security
• Write, review, and communicate reports of security testing to different areas of the organization.
• Work towards security maturity of SDLC.
• Manage and conduct incident analysis to remediate unidentified vulnerabilities and find solution with other areas team members.
• Knowledge of the DevSecOps culture and principles.
• Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
• Automate security controls and development pipelines with security steps.
• Control and management of security operations.
• Participate in the construction of a “security culture” within the company by supporting the various teams and customers in the implementation of good security practices.

Requirements:
• English Level B2/C1
• Desirable Electronic, telecommunications, telematics, and system engineer
• 1 year in application security
• 1 year in application development and/or cybersecurity
• Familiarity with: C/C++, Javascript, Python, C#, Angular, Typescript and most common programming languages.
• Approach Application Security from the perspective of risk management
• Knowledge of the OWASP Top 10 and CWE 25 and be able to communicate those needs to any audience

Profesional

Universitaria

Ingeniería de sistemas Computación

Ingeniería electrónica

Ingeniería de telecomunicaciones

1 año de experiencia

1 Vacante