Application Security Analyst
Company: Fidelity & Guaranty Life
Location: Des Moines, IA 50317
Description:
Summary
FGL Holdings, the F&G family of insurance companies, is committed to helping Americans prepare for and live comfortably in their retirement. Through its subsidiaries, F&G is a leading provider of annuity and life insurance products. For nearly 60 years, we have offered annuity and life insurance products to those who are seeking safety, protection and income solutions to meet their needs.
At F&G, we believe our culture is what makes our company great. In 2019, we received a Top Workplace award, which we credit to our employees' shared cultural values: Collaborative, Authentic, Dynamic and Empowered. We believe that by embracing these values, we will continue to build and strengthen the company, while being a great place to work. We recruit talented and committed individuals to join our team, and we provide opportunities for personal and professional growth.
This is for a position as an Application Security Analyst on the IT Security and Risk team.
Organization
The Application Security Analyst helps improve and maintain the application security program by providing guidance pertaining to secure web development design and testing. The resource will partner with Business Systems, Solutions Delivery, Engineering, and Operations teams to educate, evangelize, and validate secure development practices.
Duties and Responsibilities
- Primarily responsible for application security assessments and code review as part of the software development lifecycle (SDLC)
- Develop, educate, promote, and monitor the use of secure software development practices
- Work with developers to implement and refine security checkpoints in the SDLC
- Obtain and review all required artifacts as part of go/no-go analyses at security checkpoint phases in the development cycle
- Continue to drive security evaluation earlier in the cycles through iterative security testing
- Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities
- Provide regular status reports on the security of the software within the organization
- Manage the application security scanning process, including analysis, communication and remediation verification
- Implement and govern automated secure coding tools and processes (SAST, DAST) to review code as it is written, promoted through the development lifecycle, and into production
- Provide advisory services in secure coding practices to application development teams
- Perform security activities, including security design reviews, threat modeling, and code auditing on internally and externally developed software
- Operate as incident responder for triage pertaining to web-based vulnerabilities
- Work with information security analysts to refine web application penetration testing methods and breadth of security services
- Assist with periodic security risk assessments, IT security audits, and management reporting
- Help build, maintain, and enforce application security development policies, procedures and standards
Bachelor's degree in Computer Science, Information Systems, Engineering, Mathematics, Business, or 5 years IT experience
Minimum of 3 years of experience with commonly used programming tools, workflows, and concepts
Security training or education a plus (Ex: SANS/GIAC, ISC2, ISACA, EC-Council, Offensive Security, etc.)
Preferred Skills and Abilities
Ability to read and understand code as well as ability to script
A strong understanding of Unix, Windows and network security
Excellent verbal and written communication skills and the ability to navigate an environment with both highly technical and highly nontechnical individuals
Have passion for technology, security and innovation
Familiarity with commonly used programming tools, workflows, and concepts
Ability to work independently and in a team-oriented, collaborative environment
Ability to conform to shifting priorities, demands, and timelines through analytical and problem-solving capabilities
Ability to remain flexible during times of change and react to project adjustments and alterations promptly, efficiently and positively
Must be able to learn, understand and apply new technologies
Ability to effectively prioritize and execute tasks
Physical Demands and Work Environment
Typical office environment