AMVETS Jobs

Job Information

Huntington National Bank Cybersecurity Application Security Analyst - Principal in Columbus, Ohio

Description

The role “Cybersecurity Application Security Analyst Principal I” analyzes and consults on the security of applications in tandem with their underlying services. Application security analysts scan applications for vulnerabilities, present the results to the application teams, and advise on resolutions before the vulnerabilities can be exploited. The analyst combines automated tools with manual testing to validate vulnerabilities and must have strong technical knowledge of the vulnerabilities found as well as how to remediate and defend against them. The Principal Analyst is also responsible for monitoring program effectiveness, providing thought leadership in creating effective strategies for future growth, and championing the program to direct and senior leadership.

Responsibilities

  • Execute and Support the domain operational procedures (communication, coordination and tracking) of Application Security Vulnerabilities. This includes but is not limited to running Application Security Scans (SAST/SCA/IaS/API, DAST, MAST, etc.).

  • Fully define and follow a security review process to ensure an automated and repeatable process is managed, using the applicable dynamic and static code analysis resources.

  • Participate in leading and defining Application Security practices for the bank, promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats and vulnerabilities. Establish enterprise secure code training modules and other methods to ensure uniform secure coding practices by development teams.

  • Support Application Development teams with scan results and related consulting by reviewing findings with Application Teams and documenting and tracking security findings through remediation.

  • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing. Use security standards and implementation configurations, as well as common security frameworks to improve the program.

  • Focus on application security that observes compliance – Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws.

  • Lead lunch & learn opportunities on secure coding and hold open office hours for developers and application support teams.

Basic Qualifications:

  • Bachelor’s degree

  • 7 years of Application development experience in designing and implementing software systems, building mission-critical and highly reliable software

  • 7 years of Application development background in Java/.Net or similar with excellent understanding in mitigating OWASP Top 10 attacks on web applications/services, cryptography, RESTful API, TLS/SSL, DDoS mitigation, authentication, authorization, and/or general web application security

  • 5 years of secure/rugged engineering concepts such as secure coding practices and secure code reviews used to identify, mitigate, and prevent threat vectors

  • 5 years of vulnerability management lifecycle and process

  • 3 years of security architecture and tools which can be leveraged for Application Security mitigation

Preferred Qualifications:

  • 9 years of Application development experience in designing and implementing software systems, building mission-critical and highly reliable software

  • 9 years of Application development background in Java/.Net or similar with excellent understanding in mitigating OWASP Top 10 attacks on web applications/services, cryptography, RESTful API, TLS/SSL, DDoS mitigation, authentication, authorization, and/or general web application security

  • Extensive experience with Security Assessment Toolsets

  • Extensive experience in automation and scripting of applications and systems

  • Knowledge of relational databases and structured query language

  • Mature ability to communicate effectively, clearly, and concisely to drive change

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Yes

Workplace Type:

Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position.
