Senior Application Security Analyst

• Provide guidance on and oversee enforcement of the NCB application security and DevSecOps standards in projects and other changes, ensuring adherence of the project and implementation teams to these standards as well as to applicable industry and regulatory standards. 

• Periodically update the application security standards and operating procedures for evaluating the security of application software to address changing business needs, new developments in the field and the changing threat landscape.  

• Act as application security subject matter expert (SME) to provide guidance to internal software development teams, contractors and vendors on how to avoid and resolve common software flaws such as SQL injection, cross-site scripting, cross-site request forgery, buffer overflows, insecure cryptographic storage, insecure communication, improper access control and broken authentication and session management.  

• Promote the use of secure development techniques throughout the Software Development Lifecycle to avoid common software vulnerabilities. 

• Supervise the work of internal and external security personnel performing various security reviews and tests for projects and other initiatives. 

• Actively participate in projects and operational initiatives involving software development to ensure security requirements and standards are met.  

• Implement and use manual and automated security assessment techniques such as security stories, threat modeling, application architecture reviews, configuration reviews, code reviews, static and dynamic application security testing,  penetration tests and software composition analysis to identify design, coding and implementation weaknesses in applications.  

• Recommend techniques to minimize or correct application security weaknesses identified.  

• Assess the risk level of applications using various criteria and use it to determine the level of security controls required and the verification requirements to provide the commensurate level of assurance.   

• Bachelor’s Degree in computer science or related discipline from an accredited tertiary institution

• Four (4) years working experience in information technology of which a minimum three (3) years should have been at a supervisory level engaging in application development, system analysis and design, quality assurance testing or security testing

• Certification requirements 

- CSSLP (Certified Secure Software Lifecycle Professional) or GIAC Certified Web Application Defender (GWEB) or Certified Application Security Engineer (CASE) or Certified Ethical Hacker (CEH) or other application security testing or secure development certification

- CISSP or CRISC or other security and risk management certifications

- Formal training in Project Management, Human Relations, Supervisory Management