Application Security Analyst (Work Remotely Anywhere in the United States)
Since 1998, Businessolver has delivered market-changing benefits technology and services supported by an intrinsic responsiveness to client needs. The company creates client programs that maximize benefits program investment, minimize risk exposure, and engage employees with easy-to-use solutions and communication tools to assist them in making wise and cost-efficient benefits selections. Founded by HR professionals, Businessolver's unwavering service-oriented culture and secure SaaS platform provide measurable success in its mission to provide complete client delight.
This role is responsible for providing security guidance to the application development teams. It will educate the development teams on best practices for security automation through the use of products and services, develop security standards and best practices for the organization, and recommend security enhancements as needed.
The Gig:
- Provide application/product security guidance to application development teams.
- Advise and educate development teams with respect to application security best practices, security automation within the SDLC, and the proper use of application security products and services.
- Perform application security assessments of internally developed products and systems, covering architecture, design, and implementation.
- Build threat models for and perform architectural risk assessments of internally developed products and systems.
- Perform automated and manual security code reviews.
- Develop general techniques and frameworks that will enable development teams to find flaws before they are introduced into production.
- Think creatively and propose solutions to grow our business by delighting our clients.
- Provide guidance and work leadership to less-experienced technical staff members.
- May perform other duties as assigned.
What you need to make the cut:
- BS in Computer Science, CIS, Software Engineering or related degree.
- 2-7 years of experience in a security role with a focus on application security, specifically reviewing code, identifying security defects, and working with developers to make the appropriate corrections.
- 2 years of experience in a development role, preferably in a Java environment.
- At least 2 years of experience with assessing and reviewing application code for solutions using public cloud services.
- Experience should include familiarity with OWASP & SANS identified common security coding flaws, threat modeling, and automated & manual static security code analysis.
- Advanced understanding in application architecture and technology including web applications and mobile technology.
- Advanced knowledge of authentication & authorization, public cloud, PKI, and cryptography.
- Experience with Linux and serverless environments.
- Understanding of infrastructure-as-code.
- Proficient in a modern scripting language.
- Familiarity with CI/CD platforms and version control systems.
- Development experience a plus.
- Highly motivated, innovative, self-directed thinker with an eagerness to stay up to date with current trends and a desire to impress.
- Excellent written and verbal communication skills.
- Thrive in a fast-paced, innovative environment.
The pay range for this position is 68K to 107K per year (pay to be determined by the applicant’s education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data).