• Senior Application Security Analyst

    Location US-OH-Cincinnati
    Posted Date 1 week ago(1/10/2019 12:10 PM)
    Job ID
    # Positions
    Position Type
    Full Time
  • Overview

    Be Here. Be Great. Working for a leader in the insurance industry means opportunity for you. Great American Insurance Group’s member companies are subsidiaries of American Financial Group, a Fortune 500 company. We combine a "small company" culture where your ideas will be heard with "big company" expertise to help you succeed. With over 30 specialty property and casualty operations and a variety of financial services, there are always opportunities here to learn and grow.


    This person will be member of the Security, Performance, and Automation Scrum Team within the Application Development department of Annuity IT.   We are looking for an individual to drive, develop, and implement security testing framework and strategy.  This person will help reduce our vulnerability risk through security requirements and standards.  In addition to our internal department standards, this person will also ensure the department’s adherence to the corporate security standards (EISG).  


    • Perform risk based, technical assessments of applications, using both dynamic and static scanning tools, produce reports, open tickets in ticketing systems and meet with development teams as required.
    • Implement, operate and maintain application security tools, such as static application security testing (SAST) and dynamic application security testing (DAST) tools.
    • Consult with delivery teams as required on security designs of applications, questions about vulnerabilities, and remediation approaches.
    • Designs, implements, administers, and tests firewalls, software, and/or hardware.
    • Performs analysis of access control and violations.
    • Identifies security risks and exposures; determines causes of complex security violations at the highest technical level.
    • Performs audits to ensure compliance with internal security standards and regulatory requirements.
    • Leads the work of others (mentors, prioritizes, delegates, and reviews assignments).
    • Drives creation of training materials to educate development staff and stakeholders about key security concepts.
    • May have responsibility for performance and coaching of staff and may have a participatory role in decisions regarding talent selection, development, and performance management for direct reports.
    • Keep up to date on industry changes; understand emerging security practices and standards.
    • Participates in education opportunities, including reading professional publications, participating in professional organizations.
    • Ability to work within Scrum Framework and Principles
    • Effectively communicate with all levels of the organization
    • Excels in a collaborative environment
    • Possesses Team result mentality
    • Performs other duties as assigned.


    Technical Skills:

    • SAST Tooling experience
    • Security solutions such as firewalls, IDS/IPS, proxies, VPNs, malware protection, etc.
    • Knowledge of industry standards as it related to development practice
    • In-depth knowledge of web application vulnerabilities and exploitation techniques, SDLC and identify and access management
    • Object Oriented Programming (OOP) Language experience. Such as C#,Java,Python, etc.
    • Experience reviewing code vulnerabilities in .NET, JAVA, C#, Javascript/Query
    • Knowledge of white hat hacker tools
    • Familiarity with application security scanning technologies
    • Familiarity with cloud based application development services and tools


    Other Requirements:

    • Bachelors Degree or equivalent experience
    • 5 or more years application security experience;
    • 1-3 Years development experience
    • Working in an Agile environment
    • Relies on extensive experience and judgement to resolved complex issues regarding Information Security.  
    • Performs work under limited supervision.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Build your career profile here to connect with us!