AVP, Application Security Dynamic Analyst - Synchrony
New York, NY
About the Job
Job Description:
Role Summary/Purpose:
AVP, Application Security Dynamic Analyst will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this role's focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications, review security findings with application teams, and support remediation tracking.
We're proud to offer you choice and flexibility. At Synchrony, our way of working allows you to have the option to work from home, near one of our Hubs or come into one of our offices. Occasionally you may be required to commute to our nearest office for in person engagement activities such as business or team meetings, training and culture events.
Essential Responsibilities:
+ Execute DAST and web application security assessments for custom-developed internal and external-facing applications including web applications, web services, and APIs, utilizing enterprise DAST platforms and tooling
+ Partner with developers to perform False Positive Analysis and audit/triage of findings to ensure true positives are identified and addressed
+ Validate remediation of DAST and web application security assessment findings
+ Configure, analyze, and troubleshoot DAST scans, scanner traffic/logs, and ensure high fidelity results for successful execution of DAST scans
+ Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids, identifying and escalating instances of non-compliance
+ Operate in an Agile development environment, understanding tools, concepts, and methodologies
+ Contribute towards maturing application security processes, standards, and guidelines
+ Create and enhance internal documentation, e.g. job aids and run books
+ Support the collection of data and documentation in support of examinations/audits
+ Perform other duties and/or special projects as assigned.
Qualifications/Requirements:
+ Bachelor's degree and a minimum of 3 years of work experience in IT OR, in lieu of a degree, a High School Diploma/GED and a minimum of 5 years of work experience
+ In-depth knowledge and experience in Dynamic Application Security Testing (DAST) and manual web application assessments
+ Knowledge and understanding of common security vulnerabilities and weaknesses, including OWASP Top 10
+ Hands-on experience with any of the following application security assessment tools: Micro Focus WebInspect and WebInspect Enterprise, Burp Suite Professional, or other commonly used DAST enterprise tools
Desired Characteristics:
+ Industry certifications such as CISSP, CSSLP, Security+, or C|EH are a plus
+ 3 or more years with Secure coding practices/System Integration
+ Financial services industry experience
+ Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences.
+ Awareness of the latest cybersecurity trends and developments.
+ Equivalent work experience and a proven track record in the field of Software Development and/or Information security
Grade/Level: 10
The salary range for this position is 95,000.00 - 160,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements:
+ You must be 18 years or older
+ You must have a high school diploma or equivalent
+ You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
+ You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
+ New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months' time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months' time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don't meet the time in position or performance expectations).
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Our Commitment:
When you join us, you'll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives are what make Synchrony truly a great place to work. Together, we're building a future where we can all belong, connect and turn ideals into action. Through the power of our 8 Diversity Networks+ (https://www.synchronycareers.com/our-culture/#diversity), with more than 60% of our workforce engaged, you'll find community to connect with an opportunity to go beyond your passions.
This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.
Reasonable Accommodation Notice:
+ Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
+ If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am - 5pm Monday to Friday, Central Standard Time.
Job Family Group:
Information Technology
Source : Synchrony