Application Security Analyst
United States
Fidelity National Financial
Overview
POSITION OVERVIEW
Fidelity National Financial (FNF) is seeking a DevSecOps Analyst to join its Information Security Office (ISO). This position will be reporting to the Manager of DevSecOps. The ideal candidate has experience in application and cloud security controls, processes, and technology, with working knowledge of DevOps, as well as knowledge of public/private/hybrid cloud infrastructures, client/server applications, security controls and implementation strategies.
To be successful in this position, you will need a deep technical understanding of security as a business enabler, an understanding of popular platforms and languages, and the ability to learn new information at a rapid pace. Excellent verbal, written and presentation skills, strong interpersonal skills, and the ability to work effectively across project teams is a must. A strong track record in cyber security is critical, but the willingness and drive to improve security overall is even more important.
DUTIES & RESPONSIBILITIES
- Contributes on an individual basis to raise the application security posture across the organization.
- Monitors automated testing tools, triages identified issues, and works with development teams on remediation.
- Performs and/or assists with internal application security assessments, audits, and tests as needed to ensure proper functioning of data processing activities and security measures.
- Researches the latest in information technology security trends and compliance trends to keep up to date with the subject and use the latest technology to protect information.
- Builds and sustains good working relationships with development and infrastructure teams and involve them in the overall application and cloud Security Technology strategy.
- Acts as a subject matter expert for application owners and developers in understanding vulnerabilities, threats and how to remediate or mitigate them.
MINIMUM REQUIREMENTS
- Bachelor’s degree in computer science or business with emphasis in IT or equivalent experience or education.
- Requires 3+ years of experience in various security and technology domains.
- Experience in modern Azure development and delivery platforms.
- Subject matter expertise in Azure security.
- Experience using SAST, DAST/IAST and SCA tools and ability to communicate their results and findings clearly to application owners and developers.
- Hands-on experience with information security considerations and practices on Microsoft’s application stack.
PREFERRED EXPERIENCE
- Experience with Container technologies tooling (Docker, Kubernetes, Helm, etc.)
- Prior development experience with the Microsoft application stack.
- Experience with Fortify on Demand, Mend, and Red Hat ACS.
- Continuous integration and delivery tooling (CI/CD).
- Current security certification (e.g., CISSP, CISM).
- Demonstrated experience in helping application development and product teams shift left on application security.
This remote position is eligible to earn a base salary in the range of $150,000 - $180,000 based on location and job-related factors such as skillset and experience. The base salary is one component of the total rewards package offered to our employees, including insurance (medical/dental/vision/life/disability), matching 401(k) plan and matching employee stock purchase plan.
Tags: Application security Audits Azure CI/CD CISM CISSP Cloud Compliance Computer Science DAST DevOps DevSecOps Docker Helm IAST Kubernetes Red Hat SAST Security assessment Strategy Vulnerabilities
Perks/benefits: Equity / stock options Health care Insurance
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.