Information Security Analyst - Application Security

The Application Security Analyst will assist in monitoring and assessing the security of web applications under the guidance of the Senior Application Security Manager. This role involves supporting the enforcement of security standards, participating in application security risk assessments, and aiding in the documentation and remediation tracking processes. The role is designed to provide hands-on experience in application security within a corporate environment, with a strong focus on learning and development.

CANDIDATE PROFILE

Education and Experience

Required Education and Experience:

• Bachelor’s degree in Cybersecurity or Computer Science or related field or equivalent experience/certification
• 0-2+ years of information technology experience including internships

Desired Capabilities and Experiences

• Strong understanding of basic programming concepts and principals (interpretation, compilation, loops, control structures, data types)
• Basic understanding of security testing methodologies, tools, and approaches
• Basic understanding of OWASP Top 10 and its implications to software security
• Basic understanding of common software development practices and procedures (version control, testing, patching, CI/CD)
• Basic understanding of the Software Development Lifecycle (SDLC).
• Proficiency in Microsoft Word, PowerPoint, and Excel
• Excellent communication skills.
• Strong interest in cybersecurity and a willingness to learn on the job.
• Current information security certification, including: GSEC, GSIF, CySA+, Security+, CEH, GRISC, CISA
• Experience in software development (front end or backend developer)
• Experience with software security testing
• Experience working in a regulated environment (e.g., finance, healthcare, government).
• Experience with conducting risk assessments and developing risk mitigation strategies.
• Solid understanding of GitHub operations (e.g., cloning, branching, merging, pull requests, issues)

CORE WORK ACTIVITIES

Application Security Risk Management & Tracking

• Assist in monitoring compliance with security standards and regulatory requirements related to web application security.
• Assist in tracking and documenting risk mitigation efforts, ensuring timely resolution of identified issues.
• Support the Senior Manager in tracking and documenting application security risks and remediation efforts.
• Learn and assist in the use of security tools such as GitHub Advanced Security for basic operations (e.g. Tracking & Reporting Issues).
• Work closely with development teams to integrate risk management practices into the software development lifecycle.
• Gain exposure to security frameworks and standards such as OWASP, under the mentorship of the Senior Manager.
• Contribute to the development and maintenance of compliance documentation, including policies, procedures, and control frameworks.
• Aid in the use of project management tools like JIRA to track tasks and projects.
• Work closely with the Application Security Testing team to understand findings, their relevance and potential impact.
• Conduct basic vulnerability research under the guidance of the Senior Manager.
• File tickets with development and security teams, monitor ticket flow, volume, and remediation activities.
• Participate in audits and assessments to evaluate compliance with internal policies and external regulations.
• Review Security Researcher findings through the company Bug Bounty program and pursue remediation when issues are validated.

The salary range for this position is $73,100 to $119,600 annually. Marriott offers a bonus program, comprehensive health care benefits, 401(k) plan with up to 5% company match, employee stock purchase plan at 15% discount, accrued paid time off (including sick leave where applicable), life insurance, group disability insurance, travel discounts, adoption assistance, paid parental leave, health savings account (except for positions based out of or performed in Hawaii), flexible spending accounts, tuition assistance, pre-tax commuter benefits, other life and work wellness benefits, and may include other incentives such as stock awards and deferred compensation plans. Benefits and incentive compensation may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions.  

The compensation and benefits information is provided as of the date of this posting. Marriott reserves the right to modify compensation and benefits at any time, with or without notice, subject to applicable law.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.