Application Security Analyst

Company Description

We help the world see new possibilities and inspire change for better tomorrows. Our analytic solutions bridge content, data, and analytics to help business, people, and society become stronger, more resilient, and sustainable.

Job Description

Job Description

As an Application Security Analyst III, you will play a key role in securing our applications by managing the full lifecycle of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), handling bug bounty submissions, and advancing our secure software development lifecycle (SDLC). This is a hands-on technical role that involves managing security assessments, tool integrations, and training programs to ensure a strong security posture across our development processes. This role is based in our Jersey City, NJ global headquarters where we have a flexible hybrid work model.

Key Responsibilities:

• Manage and support the end-to-end DAST and SAST processes, including scan configuration, findings review, report generation, and troubleshooting.
• Drive initiatives to advance the application security program, contributing to secure coding practices and processes.
• Develop and maintain documentation and training materials for enterprise-wide secure SDLC practices.
• Manage bug bounty submissions, including reviewing, triaging, reproducing, verifying, and assessing the risk of submitted vulnerabilities.
• Enhance API integrations with security tools to support metrics reporting and other data-driven security initiatives.
• Contribute to the design, development, and implementation of a threat modeling framework for application security.
• Manage, audit, and track metrics for secure development training programs.

Qualifications

• Bachelor’s degree or higher in Computer Science, Software Engineering, Cybersecurity, or a related field (preferred).
• 3+ years of experience in application security, with hands-on experience conducting security assessments.
• Experience creating proof-of-concept exploits to demonstrate vulnerabilities.
• Strong knowledge of both common and emerging application security threats.
• Experience managing, reviewing, and auditing bug bounty submissions and the ability to triage, reproduce, verify, and assess the risk of reported vulnerabilities.
• Proficiency with industry-standard and open-source application security tools such as Checkmarx, Veracode, Burp Suite, Acunetix, Amazon Inspector, etc.
• Excellent problem-solving skills, with the ability to analyze complex issues and communicate solutions effectively and confidently.
• Required certifications: Security+ or equivalent industry knowledge
• Highly desired certifications: BSCP, PNPT, PJPT, PWPT, PJMR
• Preferred certifications: GWAPT, GWEB, OSCP, OSWE, CASE, CASS, CSSLP, eWPT

#LI-LM03
#LI-Hybrid

Additional Information

For over 50 years, Verisk has been the leading data analytics and technology partner to the global insurance industry by delivering value to our clients through expertise and scale. We empower communities and businesses to make better decisions on risk, faster.

At Verisk, you'll have the chance to use your voice and build a rewarding career that's as unique as you are, with work flexibility and the support, coaching, and training you need to succeed. 

For the eighth consecutive year, Verisk is proudly recognized as a Great Place to Work® for outstanding workplace culture in the US, fourth consecutive year in the UK, Spain, and India, and second consecutive year in Poland.  We value learning, caring and results and make inclusivity and diversity a top priority.  In addition to our Great Place to Work® Certification, we’ve been recognized by The Wall Street Journal as one of the Best-Managed Companies and by Forbes as a World’s Best Employer and Best Employer for Women, testaments to the value we place on workplace culture.

We’re 7,000 people strong.  We relentlessly and ethically pursue innovation. And we are looking for people like you to help us translate big data into big ideas. Join us and create an exceptional experience for yourself and a better tomorrow for future generations.

Verisk Businesses

Underwriting Solutions — provides underwriting and rating solutions for auto and property, general liability, and excess and surplus to assess and price risk with speed and precision

Claims Solutions — supports end-to-end claims handling with analytic and automation tools that streamline workflow, improve claims management, and support better customer experiences

Property Estimating Solutions — offers property estimation software and tools for professionals in estimating all phases of building and repair to make day-to-day workflows the most efficient

Extreme Event Solutions — provides risk modeling solutions to help individuals, businesses, and society become more resilient to extreme events.

Specialty Business Solutions — provides an integrated suite of software for full end-to-end management of insurance and reinsurance business, helping companies manage their businesses through efficiency, flexibility, and data governance

Marketing Solutions — delivers data and insights to improve the reach, timing, relevance, and compliance of every consumer engagement

Life Insurance Solutions – offers end-to-end, data insight-driven core capabilities for carriers, distribution, and direct customers across the entire policy lifecycle of life and annuities for both individual and group.

Verisk Maplecroft — provides intelligence on sustainability, resilience, and ESG, helping people, business, and societies become stronger

Verisk Analytics is an equal opportunity employer.

All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability. Verisk’s minimum hiring age is 18 except in countries with a higher age limit subject to applicable law.

https://www.verisk.com/company/careers/

Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.

https://www.verisk.com/privacy-policies/data-privacy-notice-for-employees-applicants-and-independent-contractors/