Application Security Analyst

Your Journey at Crowe Starts Here:At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you're trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That's why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry.Job Description:Overview:The Application Security Analyst is responsible for ensuring that the company's digital assets are secure and protected from external and internal threats. The realm of responsibilities incorporates protection of both on premise and cloud assets, which is achieved through scanning internally developed code, web applications, and Low Code / No Code systems for vulnerabilities. Moreover, a security analyst is responsible for the tracking and coordination with key stake holders to accomplish remediation efforts along with compliance tracking. The Application security analyst will use a wide range of tools and software to achieve these goals.   Responsibilities:Collaborate with other teams and Business Units to ensure compliance with internal security policy and alignment with industry best practicesConduct Software Composition Analysis (SCA) scanning and remediation trackingConduct Static Code (SAST) scanning and remediation trackingConduct Dynamic Application Testing (DAST) scanning and remediation trackingCoordinate and track remediation progress of Low Code / No Code systems.Facilitate the onboarding of new developers and web applications / code bases into all security testing toolsPartner with Senior team members to triage requests from development teamsFacilitate penetration testing by an external vendor by coordinating with internal and external partiesCommunication of vulnerability findings to internal clientsQualifications:Fundamental knowledge of industry standard security tools, including deployment, administration, and usage, in order to conduct security assessments and implement automated processes and procedures for vulnerability scanning, reporting, and remediation.A firm understanding of IT and Security fundamentals is required (Infrastructure, Operating Systems, Virtualization, Networking Concepts, Commands and Scripting, Network Security, Operational Security, Threats, Host Security, Access Control, Cryptography, etc.).Experience with risk analysis and mitigation strategies and working with team leaders and stakeholders to design effective remediation plans.The ability to resolve issues and fix problems when they arise.The ability to manage several projects and be able to adjust quickly to changing priorities in a dynamic environment. Flexible, agile and able to manage work within ambiguity as necessary.Excellent organizational/project management and analytical skills.Requirements:Associate degree in Computer Science, MIS, Information Systems or engineering fields, or equivalent experienceStrong communication skillsRelevant industry certification(s) desired1 years in application security, penetration testing, or Information Security roleExperience with industry standard testing methods and security toolsFamiliarity with OWASP, NIST, ISO, SANS and other relevant guidelines and frameworksStrong knowledge of security best practices and their application within enterprise infrastructure, networking, operating systems, and cloud environmentsShift Timings: 6:00 PM IST - 3:00 AM ISTWork mode: RemoteKey Positions With Which This Position Interfaces: APPSEC Team LeaderSecurity Compliance and Security Administration teamsNetworking and Server teamsBU Development teamsWe expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.Our Benefits:At Crowe, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Crowe can mean for youHow You Can Grow:We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosperMore about Crowe:C3 India Delivery Centre LLP formerly known as Crowe Howarth IT Services LLP is a wholly owned subsidiary of Crowe LLP (U.S.A.), a public accounting, consulting and technology firm with offices around the world. Crowe LLP is an independent member firm of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory firms in more than 130 countries around the world.Crowe does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge.