Information/Application Security Analyst
What you’ll do:
The Application Security Analyst is responsible for the security of our applications. This position is responsible for identifying vulnerabilities, assessing their risk, and working with developers, QA analysts, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities.
This individual will also be responsible for improving our automated testing processes integration with engineering tools and processes, automation, and automatic reporting.
Roles and Responsibilities
- Perform manual and automated assessments of applications, both dynamically and statically, produce reports, open tickets in Engineering work tracking systems (e.g. JIRA), and meet with development teams as required.
- Operate and maintain application security tools. This includes their integration points with JIRA, Jenkins, etc.
- Consult with Engineering and Operations as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
- Create training materials to educate stakeholders about key security concepts using a variety of media.
- Participate in security incident response activities
Who you’ll work with:
You’ll work partner with other Information Security team members, as well as engineering, product management and operations team members.
Who you are:
Ideally, you’ll have experience with both application development as well as information security concepts, be an effective communicator, and document and report effectively. Experience in a similar role is preferred. He or she must work well in dynamic and often informal teams. He or she should also be able to coordinate disparate priorities and constraints on development teams, manage different personalities, and maintain objectivity and a strong understanding that security is just one of the business's activities.
Minimum qualifications include:
- Bachelor’s Degree
- 3+ years of application security experience, 5+ years preferred
- 1+ year development experience, 2+ years preferred
- Experience in application and infrastructure security practices and standards (such as OWASP, SANS Top 25, CIS, NIST, CVE Best practices across cloud platforms Cloud+, CCSK, AWS CSA, Security+)
- Web application development experience in C# or Java
- Knowledge of tools such as Nessus, Saint, Wireshark, Netcat, Metasploit, Burp Suite, OWASP ZAP, Fiddler, Paros, Sqlmap, Nikto, Nmap, etc. and source code analyzers
Jasper, which became part of Cisco in March of 2016, is a global Internet of Things (IoT) platform leader. Cisco Jasper has designed its industry-leading, cloud-based IoT platform to enable companies of all sizes to rapidly and cost-effectively launch, manage and monetize IoT services on a global scale. When companies do this, they become much more than product businesses. They become service businesses, capable of automatically managing their customers’ entire IoT service lifecycle, delivering increased customer value and unlocking new sources of revenue. More than 9,000 companies in over 20 vertical markets, including many of the world’s top brands, choose Cisco Jasper to fast-track their IoT services. Jasper currently partners with 30 mobile operator groups, representing more than 100 mobile operator networks worldwide.
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Company Type: Public Company
Company Size: 10,001+