Information Security Analyst (Application Security) - ASCAP
New York, NY 10107
About the Job
About ASCAP
The American Society of Composers, Authors and Publishers (ASCAP) is a membership association of more than one million songwriters, composers and music publishers, and represents some of the world’s most talented music creators. Founded and governed by songwriters, composers and publishers, it is the only performing rights organization in the U.S. that operates on a not-for-profit basis. ASCAP licenses a repertory of over 20 million musical works to hundreds of thousands of businesses that use music, including streaming services, cable television, radio and satellite radio and brick and mortar businesses such as retail stores, hotels, clubs, restaurants and bars. ASCAP collects the licensing fees; identifies, matches and processes trillions of performances every year; and returns nearly 90 cents of every dollar back to its members as royalties. The ASCAP blanket license offers an efficient solution for businesses to legally perform ASCAP music while respecting the right of songwriters and composers to be paid fairly. ASCAP puts music creators first, advocating for their rights and the value of music on Capitol Hill, driving innovation that moves the industry forward, building community and providing the resources and support that creators need to succeed in their careers. Learn more and stay in touch at www.ascap.com, on X and Instagram @ASCAP and on Facebook.
Are you passionate about working with customers? Are you excited to learn new technologies? Would you rather be coding than whiteboarding? If the answer is yes, then you might make a great fit for our team of talented software engineers who work with our business and product teams on high impact projects using emerging technologies and platforms. ASCAP technologists live our mission, we are passionate about what we do for our customers, and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We stand behind our mission and are committed to delivering the impossible. Bottom line? We outthink ordinary. Discover what you can do with technology at ASCAP!
Job Description: Information Security Analyst (Application Security)
We are looking for a motivated, detail-oriented individual with strong technical skills. This role’s primary focus is on working to secure in-house built and software as a service integrated applications plus working with management on security strategies and product owners/designers/developers/platform engineers/endpoint engineers to design, develop and implement secure systems, networks, and applications. They will also work with Sr. Security Analysts to investigate and respond to security event alerts, manage technical aspects of incident response, work on third party applications/services reviews and the organizations vulnerability management program. This role requires knowledge of Salesforce security and privacy architecture including Salesforce Shield. This role will assist with the creation of a true SDLC program with DevSecOps for our in-house built applications and work with developers to implement information security best practices ensuring that our code is proactively secured while in the pipeline prior to moving to production. The person in this role will need to prioritize and ensure the timely completion of tasks from the scrum masters and management. They should also be able to shift and adjust priorities based on changing business needs in our dynamic environment, while also remaining task-oriented to ensure completion of work from start to finish with appropriate solutions.
Responsibilities:
- Configures, manages, and uses security systems, security monitoring and alerting applications, and security management tools.
- Works closely with Sr. Security Analysts and Security Platform Engineers to investigate and resolve security related events.
- Reviews business partners, new vendors, and products/services for security stature
- Work independently with developers, system/network administrators, product owners, design teams and other colleagues to ensure secure design, development, and implementation of applications and networks - promoting a full SDLC program.
- Perform security architecture design reviews of our applications (primarily Salesforce).
- Perform code analysis of large applications manually and conduct manual vulnerability analysis.
- Provide remediation guidance and recommendations to developers and administrators.
- Work with development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
- Ensure development teams receive pertinent annual secure coding training.
- Researches, evaluates, tests, and assists on implementation of new security solutions around DevSecOps and the application pipeline.
- Works alongside project management in a SCRUM environment to successfully monitor progress and implement security initiatives.
Qualifications:
- Experience supporting security products like CrowdStrike, SecureWorks, Cisco Umbrella, BitLocker, Qualys, CloudLock, SonarQube, Nexus IQ, and Checkpoint.
- Cloud security experience with Salesforce Shield and AWS.
- Bachelor’s degree in computer science or information security.
- Experience investigating and resolving security events.
- A keen eye for detail, an analytical thinker, and the ability to multitask.
- The ability to thrive in fast-paced, high stress situations.
- A problem solver with the ability to communicate effectively with peers, business partners, and management.
- Experience working with development teams to build secure solutions.
- Experience breaking down complex systems and applications to find flaws.
- Able to read, write, and audit Java and the ability to pick up new languages/technologies.
- Experience with secure coding practices and architecting secure applications written in Java.
- The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
- Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations, and best practices.
- Interest in providing security training to developers.
What We Love About You:
- You love our users. You deeply understand our users and put them at the center of everything you do. You aim to serve and delight them every day.
- You do the right thing. You are respectful and act with the highest integrity. If you see something that isn’t right, you say something.
- You debate it. You ask questions to understand a perspective and are comfortable respectfully challenging assumptions. You are not turned off by constructive conflict to get to the right answer.
- You own your outcomes. You set clear ambitious goals. You anticipate obstacles, persevere, and are accountable for your commitments.
- You make fast decisions. You are an effective and timely communicator. You understand how to collaborate, compromise, and escalate when needed.
- You get better every day. You welcome the gift of feedback. You never settle in your quest to grow and develop. By being here, you make our company stronger.
Occasional travel for in-person meetings may be required.
Please be aware that ASCAP is not a nut-free or other allergen-free workplace.
Compensation/Benefits:
Besides providing a unique and dynamic work environment, there are a few other reasons you should consider ASCAP in your career planning. We also offer generous benefit options that are comprehensive and provide the flexibility that most employees want and need. These health care and financial plan options include the following:
- A choice of either network-only provider medical and dental plans or more flexible medical and dental plans where you can see providers in or out-of-network
- Vision plan that offers both in and out-of-network provider options
- 401(k) Plan that offers pre-tax, Roth, and an after-tax employee contribution option which includes a company match.
- An additional employer paid discretionary profit share contribution, regardless of your participation in the 401(k) Plan
- Generous time-off policy
- 12 company holidays
- 16 hours to volunteer with ASCAP Notes the Cause Volunteer Program
- Health care and dependent care flexible spending accounts
- Short-term disability insurance/salary continuation and long-term disability insurance
- Company provided basic life and accidental death and dismemberment insurance
- Employee gym discounts at select gyms
- Commuter benefits
- Voluntary pet health insurance
- Voluntary auto and homeowners insurance
- Voluntary employee, spouse, and dependent life insurance options
- Voluntary ID protection Coverage
ASCAP is an equal opportunity employer. All ASCAP employment decisions are made on the basis of individual qualifications and performance and not on the basis of race, national origin, ethnicity, sex, age, marital status, sexual orientation or preference, gender identity, genetic information, disability, handicap, color, creed, religion, veteran status, or any characteristic protected by applicable federal, state or local laws.
The anticipated base salary range for this position is $100,000.00 to $110,000.00 and will be determined on an individualized basis depending on several factors that are unique to each candidate including geographic location (due to differences in the cost of labor), skills, education and prior relevant experience.