Application Security Analyst - Monterrey, México - CHUBB

    CHUBB Monterrey, México

    Found in: Talent MX C2 - 1 week ago

    Regular - Full time
    Description

    The Chubb Information Security team is responsible for protecting information and information systems against unauthorized access, detecting and responding to attempts to gain access and enabling access through our identity processes. Chubb operates a global information security team supporting local business units across five regions (Asia Pacific, North America, Latin America, Japan, and Europe including the Middle East and Africa). Our global information security strategy is developed with input from each of these regions and translated into programs that are then executed by the regions using resources from each region (especially, our infrastructure partners).

    The Application Security Analyst Role is a global role that requires an understanding of application security and the dev-ops process. This role will support the growth of the Application Vulnerability program. Candidates are required to have broad knowledge of application vulnerability identification, remediation, and management practices. They will engage directly with the application development community to drive adherence to and expansion of the Application Vulnerability program.

    Roles and Responsibilities:

    The position roles and responsibilities include but are not limited to:

  • Engage with lead developers and architects, providing insight and support for Application Vulnerability program policies and practices
  • Support application development teams with issues pertaining to vulnerability management:
      • Understanding vulnerability reports resulting from automated and manual security tests
      • Provide guidance for remediation work required for identified vulnerabilities
      • Help teams apply secure development practices as instructed through training modules
  • Provide oversight and guidance on application security toolset, including all facets of security scanning (DAST, SAST, SCA, Mobile)
  • Help with strategic direction for security testing tools by maintaining familiarity with industry trends and solutions, in collaboration with Application Security Architects
  • Help define, and drive the adoption of, a global approach to application vulnerability management through collaboration with teams

    Minimum Qualifications:

  • Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline, or equivalent relevant experience, and experience with application security concepts
  • Minimum 1-2 years of experience working in Application Security
  • Knowledge of application vulnerability remediation best practices
  • Familiarity with the HCL AppScan toolset, including configuration and operations
  • Experience with using tools to perform SAST/SCA scanning and remediation (e.g., Checkmarx, HCL ASoC, GitHub Advanced Security,
  • Ability to understand and instruct secure coding best practices
  • Stay informed on the industry standing of application vulnerabilities and solutions, as reported through OWASP and other industry sources
  • Strong organizational, analytical and customer service skills
  • Ability to work effectively as an individual and within a team environment
  • Ability to communicate effectively (both written and verbal communication)
  • Willingness and desire to learn the latest technologies

    Preferred Qualifications:

  • Familiarity or experience with CI/CD pipelines and Agile methodologies
  • Experience with integrating security testing into DevOps pipelines is a plus
  • Familiarity with the HCL AppScan toolset, including configuration and operations
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
  • Knowledge of specific operational impacts of cybersecurity lapses
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
  • Experience with one or more programming languages