Huntington National Bank
Cybersecurity Web Application Security Developer/Analyst - Expert
Huntington National Bank, Columbus, Ohio, United States, 43224
DescriptionSummary:The Cybersecurity Web Application Security Developer/Analyst - Expert will analyze the security of applications in tandem with their underlying services. Application security analysts are scanning applications for vulnerabilities, presenting the results to the application teams, and advising on resolutions before the vulnerabilities can be exploited. The analyst combines automated tools with manual testing to validate vulnerabilities and must have a strong technical knowledge of the vulnerabilities found as well as how to remediate and defend against them. The Expert Analyst is also responsible for monitoring program effectiveness, creating effective strategies for future growth, and championing the program to leadership.ResponsibilitiesExecute and support the domain operational procedures (communication, coordination and tracking) of Application Security Vulnerabilities. This includes but is not limited to running Application Security Scans (SAST, DAST, etc.).Fully define and follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources.Participate in leading and defining Application Security practices for the firm promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats and vulnerabilities. Establish enterprise secure code training modules and other methods to ensure uniform secure coding practices by development teams.Support Application Development teams with results from scans through reviewing findings with Application Teams and document and track security findings through remediation.Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing. Use security standards and implementation configurations, as well as common security frameworks to improve the program.Focus on application security that observes compliance with the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc., and privacy laws.Basic Qualifications7+ years of experience in Web Application development in designing and implementing software systems, building mission-critical and highly reliable software.7+ years of experience in Web Application development background in Java/.Net or similar with excellent understanding in mitigating OWASP Top 10 attacks on web applications/services, cryptography, key management, PKI, TLS/SSL, DDoS mitigation, authentication, authorization, and/or general web application security.5+ years of experience with a strong understanding of secure/rugged engineering concepts such as secure coding practices and secure code reviews used to identify, mitigate, and prevent threat vectors.5+ years of experience with a strong understanding of vulnerability management lifecycle and process.3+ years of experience with a strong understanding of security architecture and tools which can be leveraged for Application Security mitigation.Strong experience with Security Assessment Toolsets.Strong experience in automation and scripting of applications and systems.Strong knowledge of relational databases and structured query language.Strong knowledge of client/server relationships and multi-tier environments.Ability to communicate effectively, clearly, and concisely to drive change.Ability to communicate effectively, clearly, and concisely verbally and through technical writing.Associate Degree.Exempt Status:
Yes (not eligible for overtime pay)Workplace Type:
HybridHuntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position.
#J-18808-Ljbffr
Yes (not eligible for overtime pay)Workplace Type:
HybridHuntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position.
#J-18808-Ljbffr