Sr. Analyst II, Application Security

As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.

If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!

Job Description

Key Responsibilities / Duties:

• Design, implement, and maintain web application firewall solution for Invesco’s web applications.
• Collaborate with the Application and Cyber defense team to evaluate and mitigate potential threats to Invesco's web applications.
• Monitor the web application firewall for security events and take appropriate action to mitigate threats.
• Configure and maintain web application firewall rules and policies to ensure optimal protection.
• Exception handling the WAF rules.
• Conduct thorough penetration tests on Applications to identify vulnerabilities.
• Simulate real-world cyber-attacks to assess the effectiveness of security controls.
• Utilize a variety of security testing tools, both commercial and open source, to identify and exploit vulnerabilities.
• Perform regular vulnerability assessments using automated tools and manual testing methods.
• Stay current with emerging security threats and trends in penetration testing methodologies.
• Provide consulting services to stakeholders on remediation and mitigation strategies.
• Writing reports based on testing output.
• Stay up to date with the latest web application security trends and techniques.
• Research industry trends and news sources for emerging threat patterns, attack techniques, and vulnerabilities.
• Other duties as assigned.

Work Experience / Knowledge:

• 5 plus years of relevant experience in information security
• Minimum 3 years of experience in designing, implementing, and maintaining web application firewall solutions.
• Minimum 3 years in penetration testing of Web Applications.
• The candidate should also have a solid understanding of API security, API and Application standards, DevSecOps practices, Threat modeling.
• Strong understanding of web application security and common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
• Experience with web application firewall solutions such as AWS WAF, Cloudflare.
• Prior knowledge of penetration testing tools, scripting languages, software vulnerabilities, exploits and malware.
• Excellent analytical and problem-solving skills.
• Strong communication skills and ability to work well in a team environment.
• Relevant certifications such as Pentest+, Burp suite certified practitioner exam, AWS Cloud Practitioner are a plus.
• Prior experience of vulnerability management and application security
• Possess a solid understanding of enterprise-grade technologies including operating systems, databases, web applications & applicable monitoring tools.
• Network infrastructure knowledge
• Security configuration knowledge
• Proficient operational understanding of how to ascertain, validate, and employ data from sources that are generally available to the public.
• Fluent in the techniques that hackers utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse.

Skills / Other Personal Attributes Required:

• Experience of working in a high volume and result-oriented operational environment
• Ability to communicate assertively – verbally as well as in writing- technical information clearly and concisely, commensurate with the audience.
• Maintain strict confidentiality of all security issues.
• Must be assertive, methodical and detail oriented.
• Must be intensely curious, innovative, and think beyond existing procedures.
• Must be able to build rapport quickly and positively influence outcomes.
• Must be a team player and self-starter.
• Ability to multi-task and work on more than one initiative at a time
• Flexible – able to meet changing requirements and priorities.
• Maintain current knowledge for all applicable technical areas.

Formal Education:

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

No

Workplace Model

At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office. 

Why Invesco

In Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other’s identities, lives, health, and well-being. We come together to create better solutions for our clients, our business and each other by building on different voices and perspectives. We nurture and encourage each other to ensure our meaningful growth, both personally and professionally. 

We believe in diverse, inclusive, and supportive workplace where everyone feels equally valued, and this starts at the top with our senior leaders having diversity and inclusion goals. Our global focus on diversity and inclusion has grown exponentially and we encourage connection and community through our many employee-led Business Resource Groups (BRGs).  

What’s in it for you? 

As an organization we support personal needs, diverse backgrounds and provide internal networks, as well as opportunities to get involved in the community and in the world. 

Our benefit policy includes but not limited to: 

• Competitive Compensation 
• Flexible, Hybrid Work 
• 30 days’ Annual Leave + Public Holidays 
• Life Insurance 
• Retirement Planning 
• Group Personal Accident Insurance 
• Medical Insurance for Employee and Family 
• Annual Health Check-up 
• 26 weeks Maternity Leave 
• Paternal Leave 
• Adoption Leave 
• Near site Childcare Facility 
• Employee Assistance Program 
• Study Support 
• Employee Stock Purchase Plan 
• ESG Commitments and Goals 
• Business Resource Groups 
• Career Development Programs 
• Mentoring Programs 
• Invesco Cares 
• Dress for your Day 

In Invesco, we offer development opportunities that help you thrive as a lifelong learner in a constantly evolving business environment and ensure your constant growth. Our AI enabled learning platform delivers curated content based on your role and interest. We ensure our manager and leaders also have many opportunities to advance their skills and competencies that becomes pivotal in their continuous pursuit of performance excellence. 

To know more about us 

About Invesco: https://www.invesco.com/corporate/en/home.html 

About our Culture: https://www.invesco.com/corporate/en/about-us/our-culture.html 

About our D&I policy: https://www.invesco.com/corporate/en/our-commitments/diversity-and-inclusion.html 

About our CR program: https://www.invesco.com/corporate/en/our-commitments/corporate-responsibility.html 

Apply for the role @ Invesco Careers: https://careers.invesco.com/india/