Information/Application Security Analyst

Full Time
Santa Clara, CA
Industry: Computer Networking
Areas of Interest: Vulnerability Assessment and Management
report a problem

What you’ll do:

The Application Security Analyst is responsible for the security of our applications. This position is responsible for identifying vulnerabilities, assessing their risk, and working with developers, QA analysts, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities. 

This individual will also be responsible for improving our automated testing processes integration with engineering tools and processes, automation, and automatic reporting.

Roles and Responsibilities

  • Perform manual and automated assessments of applications, both dynamically and statically, produce reports, open tickets in Engineering work tracking systems (e.g. JIRA), and meet with development teams as required.
  • Operate and maintain application security tools. This includes their integration points with JIRA, Jenkins, etc.
  • Consult with Engineering and Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
  • Create training materials to educate stakeholders about key security concepts using a variety of media.
  • Participate in security incident response activities

Who you’ll work with:

You’ll work partner with other Information Security team members, as well as engineering, product management and operations team members.

Who you are:

Ideally, you’ll have experience with both application development as well as information security concepts, be an effective communicator, and document and report effectively. Experience in a similar role is preferred. He or she must work well in dynamic and often informal teams. He or she should also be able to coordinate disparate priorities and constraints on development teams, manage different personalities, and maintain objectivity and a strong understanding that security is just one of the business's activities.

Minimum qualifications include:

  • Bachelor’s Degree
  • 3+ years of application security experience, 5+ years preferred
  • 1+ year development experience, 2+ years preferred
  • Experience in application and infrastructure security practices and standards (such as OWASP, SANS Top 25, CIS, NIST, CVE Best practices across cloud platforms Cloud+, CCSK, AWS CSA, Security+)
  • Web application development experience in C# or Java
  • Knowledge of HTTP, JavaScript, XML, HTML 5, SQL
  • Experience reviewing code for vulnerabilities in Java, C#, Javascript/jQuery, etc.
  • Knowledge of tools such as Nessus, Saint, Wireshark, Netcat, Metasploit, Burp Suite, OWASP ZAP,  Fiddler, Paros, Sqlmap, Nikto, Nmap, etc. and source code analyzers

Why Cisco:

Jasper, which became part of Cisco in March of 2016, is a global Internet of Things (IoT) platform leader. Cisco Jasper has designed its industry-leading, cloud-based IoT platform to enable companies of all sizes to rapidly and cost-effectively launch, manage and monetize IoT services on a global scale. When companies do this, they become much more than product businesses. They become service businesses, capable of automatically managing their customers’ entire IoT service lifecycle, delivering increased customer value and unlocking new sources of revenue. More than 9,000 companies in over 20 vertical markets, including many of the world’s top brands, choose Cisco Jasper to fast-track their IoT services. Jasper currently partners with 30 mobile operator groups, representing more than 100 mobile operator networks worldwide.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.

Share this job:


TOMORROW starts here
Cisco (NASDAQ: CSCO) enables people to make powerful connections-whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible-providing easy access to information anywhere, at any time.Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 65,225 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company's core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical support and advanced services. Cisco sells its products and services, both directly through its own sales force as well as through its channel partners, to large enterprises, commercial businesses, service providers, and consumers.
Visit Cisco's Social Media pages:
Company Industry: Computer Networking
Company Type: Public Company
Company Size: 10,001+