Application Security Analyst
New York, NY

Job Description

Application Security Analyst

REF#: 33204

CBS BUSINESS UNIT: CBS Corporate

JOB TYPE: Full-Time Staff

JOB SCHEDULE: Full-Time

JOB LOCATION: New York, NY

ABOUT US:

CBS Corporation is a mass media company that creates and distributes industry-leading content across a variety of platforms to audiences around the world. The Company has businesses with origins that date back to the dawn of the broadcasting age as well as new ventures that operate on the leading edge of media. CBS owns the most-watched television network in the U.S. and one of the world's largest libraries of entertainment content, making its brand - "the Eye" - one of the most-recognized in business. The Company's operations span virtually every field of media and entertainment, including cable, publishing, local TV, film, and interactive and socially responsible media. CBS' businesses include CBS Television Network, The CW (a joint venture between CBS Corporation and Warner Bros. Entertainment), Network 10, CBS Television Studios, CBS Studios International, CBS Television Distribution, CBS Consumer Products, CBS Home Entertainment, CBS Interactive, CBS Films, Showtime Networks, CBS Sports Network, Pop (a joint venture between CBS Corporation and Lionsgate), Smithsonian Networks, Simon & Schuster, CBS Television Stations, CBS EcoMedia, and CBS Experiences.

DESCRIPTION:

The Application Security Analyst will act as a key technical resource capable of handling many aspects of web, mobile and cloud application security testing. This individual will play an active role within the CBS Information Security Group dedicated to assuring information confidentiality, integrity, availability, and leading the development of a long-term Application and Cloud Security Strategy.

Responsibilities:

* Participate in DAST and SAST application security tasks across all divisions
* Perform vendor risk assessments and reviews of third-party penetration testing
* Assist in implementing the integration of secure development standards, tools, and processes into the SDLC
* Produce relevant application security metrics that demonstrate a continually improving AppSec posture
* Perform risk-based technical assessments of applications using both dynamic and static scanning tools, produce reports, open tickets in work tracking systems (e.g. Jira), and meet with development teams as required
* The Analyst will be a hands-on technical professional - she/he will be a key member of the team that develops and supports application security services

QUALIFICATIONS:

Required:

* 3+ years of application security experience
* Software development experience with a deep understanding of coding and scripting languages such as Java and Python
* Understanding of vulnerability testing tools such as Nmap, Qualys, Metasploit, Core Impact, Kali, and Burp Suite Professional
* Knowledge of established penetration frameworks such as the Penetration Testing Execution Standard (PTES) or Open Source Security Testing Methodology Manual (OSSTMM)
* Strong understanding of OWASP Top 10 and other similar frameworks
* Some knowledge/experience using Jenkins, Bamboo, BitBucket, TFS and other build systems
* Experience working with a DevOps team to integrate security tools and to create and improve an automated process for security within the SDLC
* Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences
* Experience conducting application penetration tests, running web application and API testing tools, performing manual testing and source code reviews, validating test results, identifying root causes, analyzing vulnerabilities, and helping develop platform-specific remediation plans
* Bachelor's degree

Preferred:

* One or more of the following security certifications preferred: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH) or similar security certification(s).

EEO STATEMENT:

Equal Opportunity Employer Minorities/Women/Veterans/Disabled
