Application Security Analyst
Eze Software is seeking an Application Security Analyst to work out of our Boston headquarters. Eze Software is a leading global provider of best-in-breed software solutions and technology services designed to maximize investment and operational alpha for the entire institutional investment process and community. Our vision: to lead a reimagined investment process by creating a completely open, seamless, and fluid investment ecosystem.
The Application Security Analyst will be tasked with researching threats and attack vectors that impact web, enterprise and mobile applications, identifying vulnerabilities in applications developed by Eze and their supporting infrastructure, and assisting the engineering and IT teams in the remediation efforts. The analyst will take an essential part in strengthening the security element of the DevSecOps practices at Eze by bringing together personal research and testing, SAST and DAST findings, and bug bounty program reports, and helping the engineering and IT teams turn vulnerabilities into actionable opportunities to improve the security posture of our products and systems. The analyst will report to the Director of Application and Cloud Security, and work in close association with the product engineering teams to help to maintain and enforce application security best practices throughout the SDLC and DevOps.
- Research threats and attack vectors that may impact Eze's applications and infrastructure. Stay up-to-date with current offensive and defensive tactics, techniques and procedures.
- Assist engineering teams with the configuration, tuning and operation of SAST and DAST tools, and their integration into the development process.
- Help to validate and interpret SAST, DAST, bug bounty program and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.
- Assist in creating and delivering training for engineering team members on secure code development, and other security literacy topics.
- Help to develop and collect metrics to measure the success of the application security program.
- Assist with incident response procedures.
- Minimum Bachelor's degree or comparable work experience.
- Excellent communication skills and ability to work across multiple teams.
- Minimum 3 years of hands-on experience in information security.
- Experience with SAST and DAST tools, such as Checkmarx, Minimums, Veracode, WhiteHat Security, AppScan.
- Experience with performing manual application vulnerability assessments.
Nice to Haves:
- Prior bug bounty program participation.
- Experience working within a DevOps/DevSecOps model.
- Industry certifications: OSCP, CEH, relevant (ISC)2 and SANS certifications
Who We Are:
We are a trusted and proven partner to the investment community. We complement our award-winning investment workflow technology with expert global customer service. We pride ourselves on fully understanding each client’s unique needs and advising them on best practices and processes to maximize their operational and investment alpha. Our team is made up of more than 1,000 global employees in 11 locations worldwide. We are headquartered in Boston, with offices in Chicago, Hong Kong, Hyderabad, London, New York, Rio De Janeiro, San Francisco, Singapore, Stamford, and Sydney.
We are a highly dedicated team of innovators and experts who love to collaborate on the cutting edge. We service our clients’ unique and growing needs with highly configurable, expansive, and integrated products for the entire investment process and community, and we are never satisfied until our customers are delighted. We celebrate this passion and commitment by fostering a culture that promotes innovation, growth, communication and achievement from the bottom up. We nurture the entrepreneurial spirit and welcome productive debate. We encourage open communications and upward feedback, we learn quickly from our mistakes, challenge the status quo – all while remaining accountable to our colleagues and clients. We also understand work is a big part of life, so having fun and celebrating hard work is core within our culture.