Application Security Analyst

Your Journey at Crowe Starts Here:

At Crowe, you can build a meaningful and rewarding career. With real flexibility to balance work with life moments, you're trusted to deliver results and make an impact. We embrace you for who you are, care for your well-being, and nurture your career. Everyone has equitable access to opportunities for career growth and leadership. Over our 80-year history, delivering excellent service through innovation has been a core part of our DNA across our audit, tax, and consulting groups. That's why we continuously invest in innovative ideas, such as AI-enabled insights and technology-powered solutions, to enhance our services. Join us at Crowe and embark on a career where you can help shape the future of our industry.

Job Description:

Overview:

The Application Security Analyst is responsible for ensuring that the company's digital assets are secure and protected from external and internal threats. The realm of responsibilities incorporates protection of both on premise and cloud assets, which is achieved through scanning internally developed code, web applications, and Low Code / No Code systems for vulnerabilities. Moreover, a security analyst is responsible for the tracking and coordination with key stake holders to accomplish remediation efforts along with compliance tracking. The Application security analyst will use a wide range of tools and software to achieve these goals.   

Responsibilities:

• Collaborate with other teams and Business Units to ensure compliance with internal security policy and alignment with industry best practices

• Conduct Software Composition Analysis (SCA) scanning and remediation tracking

• Conduct Static Code (SAST) scanning and remediation tracking

• Conduct Dynamic Application Testing (DAST) scanning and remediation tracking

• Coordinate and track remediation progress of Low Code / No Code systems.

• Facilitate the onboarding of new developers and web applications / code bases into all security testing tools

• Partner with Senior team members to triage requests from development teams

• Facilitate penetration testing by an external vendor by coordinating with internal and external parties

• Communication of vulnerability findings to internal clients

Qualifications:

• Fundamental knowledge of industry standard security tools, including deployment, administration, and usage, in order to conduct security assessments and implement automated processes and procedures for vulnerability scanning, reporting, and remediation.

• A firm understanding of IT and Security fundamentals is required (Infrastructure, Operating Systems, Virtualization, Networking Concepts, Commands and Scripting, Network Security, Operational Security, Threats, Host Security, Access Control, Cryptography, etc.).

• Experience with risk analysis and mitigation strategies and working with team leaders and stakeholders to design effective remediation plans.

• The ability to resolve issues and fix problems when they arise.

• The ability to manage several projects and be able to adjust quickly to changing priorities in a dynamic environment. 

• Flexible, agile and able to manage work within ambiguity as necessary.

• Excellent organizational/project management and analytical skills.

Requirements:

• Associate degree in Computer Science, MIS, Information Systems or engineering fields, or equivalent experience

• Strong communication skills

• Relevant industry certification(s) desired

• 1 years in application security, penetration testing, or Information Security role

• Experience with industry standard testing methods and security tools

• Familiarity with OWASP, NIST, ISO, SANS and other relevant guidelines and frameworks

• Strong knowledge of security best practices and their application within enterprise infrastructure, networking, operating systems, and cloud environments

Shift Timings: 6:00 PM IST - 3:00 AM IST

Work mode: Remote

Key Positions With Which This Position Interfaces: 

APPSEC Team Leader

Security Compliance and Security Administration teams

Networking and Server teams

BU Development teams

We expect the candidate to uphold Crowe's values of Care, Trust, Courage, and Stewardship. These values define who we are. We expect all of our people to act ethically and with integrity at all times.

Our Benefits:
At Crowe, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Crowe can mean for you

How You Can Grow:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosper

More about Crowe:

C3 India Delivery Centre LLP formerly known as Crowe Howarth IT Services LLP is a wholly owned subsidiary of Crowe LLP (U.S.A.), a public accounting, consulting and technology firm with offices around the world. Crowe LLP is an independent member firm of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory firms in more than 130 countries around the world.

Crowe does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge.