Synchrony
AVP, Application Security Dynamic Analyst
Synchrony, Stamford, Connecticut, United States, 06925
AVP, Application Security Dynamic Analyst
Company:
Synchrony AVP, Application Security Dynamic Analyst will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this role’s focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications, review security findings with application teams, and support remediation tracking. We’re proud to offer you choice and flexibility. At Synchrony, our way of working allows you to have the option to work from home, near one of our Hubs or come into one of our offices. Occasionally you may be required to commute to our nearest office for in-person engagement activities such as business or team meetings, training, and culture events. Responsibilities: Execute DAST and web application security assessments for custom-developed internal and external-facing applications including web applications, web services, and APIs, utilizing enterprise DAST platforms and tooling. Partner with developers to perform False Positive Analysis and audit/triage of findings to ensure true positives are identified and addressed. Validate remediation of DAST and web application security assessment findings. Configure, analyze, and troubleshoot DAST scans, scanner traffic/logs, and ensure high fidelity results for successful execution of DAST scans. Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids, identifying and escalating instances of non-compliance. Operate in an Agile development environment, understanding tools, concepts, and methodologies. Contribute towards maturing application security processes, standards, and guidelines. Create and enhance internal documentation, e.g. job aids and run books. Support the collection of data and documentation in support of examinations/audits. Perform other duties and/or special projects as assigned. Qualifications/Requirements: Bachelor’s degree and a minimum 3 years of work experience in IT OR in lieu of a degree, a High School Diploma/GED and minimum 5 years work experience. In-depth knowledge and experience in Dynamic Application Security Testing (DAST) and manual web application assessments. Knowledge and understanding of common security vulnerabilities and weaknesses, including OWASP Top 10. Hands-on experience with any of the following application security assessments tools: Micro Focus WebInspect and WebInspect Enterprise, Burp Suite Professional, or other commonly used DAST enterprise tools. Desired Characteristics: Industry certifications such as CISSP, CSSLP, Security+, or C|EH are a plus. 3 or more years with Secure coding practices/System Integration. Financial services industry experience. Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences. Awareness of the latest cybersecurity trends and developments. Equivalent work experience and a proven track record in the field of Software Development and/or Information security. Salary:
The salary range for this position is 95,000.00 - 160,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance. Eligibility Requirements: You must be 18 years or older. You must have a high school diploma or equivalent. You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process. You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act. Our Commitment: When you join us, you’ll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard—but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work.
#J-18808-Ljbffr
Company:
Synchrony AVP, Application Security Dynamic Analyst will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this role’s focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications, review security findings with application teams, and support remediation tracking. We’re proud to offer you choice and flexibility. At Synchrony, our way of working allows you to have the option to work from home, near one of our Hubs or come into one of our offices. Occasionally you may be required to commute to our nearest office for in-person engagement activities such as business or team meetings, training, and culture events. Responsibilities: Execute DAST and web application security assessments for custom-developed internal and external-facing applications including web applications, web services, and APIs, utilizing enterprise DAST platforms and tooling. Partner with developers to perform False Positive Analysis and audit/triage of findings to ensure true positives are identified and addressed. Validate remediation of DAST and web application security assessment findings. Configure, analyze, and troubleshoot DAST scans, scanner traffic/logs, and ensure high fidelity results for successful execution of DAST scans. Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids, identifying and escalating instances of non-compliance. Operate in an Agile development environment, understanding tools, concepts, and methodologies. Contribute towards maturing application security processes, standards, and guidelines. Create and enhance internal documentation, e.g. job aids and run books. Support the collection of data and documentation in support of examinations/audits. Perform other duties and/or special projects as assigned. Qualifications/Requirements: Bachelor’s degree and a minimum 3 years of work experience in IT OR in lieu of a degree, a High School Diploma/GED and minimum 5 years work experience. In-depth knowledge and experience in Dynamic Application Security Testing (DAST) and manual web application assessments. Knowledge and understanding of common security vulnerabilities and weaknesses, including OWASP Top 10. Hands-on experience with any of the following application security assessments tools: Micro Focus WebInspect and WebInspect Enterprise, Burp Suite Professional, or other commonly used DAST enterprise tools. Desired Characteristics: Industry certifications such as CISSP, CSSLP, Security+, or C|EH are a plus. 3 or more years with Secure coding practices/System Integration. Financial services industry experience. Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences. Awareness of the latest cybersecurity trends and developments. Equivalent work experience and a proven track record in the field of Software Development and/or Information security. Salary:
The salary range for this position is 95,000.00 - 160,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance. Eligibility Requirements: You must be 18 years or older. You must have a high school diploma or equivalent. You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process. You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act. Our Commitment: When you join us, you’ll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard—but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work.
#J-18808-Ljbffr