• (Sr.) Application Security Analyst

    Location US-PA-Valley Forge
    Posted Date 2 months ago
    Job ID 2018-3028
    # Positions 1
    Category Information Technology
  • General Position Summary

    The (Sr.) Application Security Analyst position within the Enterprise Information Security department provides experience in application security and design, vulnerability management, and solution and vendor risk assessment. This position is responsible for creating and maintaining application security and design requirements and for assessing whether implementation plans meet PJM security policies, standards, and procedures. The focus of the (Sr.) Application Security Analyst is:
    • Establishing and maintaining application security requirements, design specifications, and patterns.
    • Working with subject matter experts from IT and PJM’s business units on the implementation of cyber security controls (technical and procedural).
    • Supporting application security assessments and providing recommendations for mitigating risks.
    • Supporting the cyber risk assessment process.
    The (Sr.) Application Security Analyst also ensures that policies and procedures are documented and implemented to maintain compliance with PJM’s security policies and the NERC Critical Infrastructure (CIP) Standards.

    Essential Duties and Responsibilities

    • Establish, review, and maintain application and system security requirements.
    • Review system design specifications.
    • Work with CORE to create and maintain security design patterns.
    • Document recommendations and adaptations to existing design patterns.
    • Perform static source code analysis.
    • Review and consult with developers on software code analysis results.
    • Coordinate the creation and maintenance of functional and non-functional test cases with the Quality Assurance team.
    • Coordinate and conduct penetration testing of applications and systems.
    • Coordinate and conduct vulnerability assessments of applications and systems.
    • Perform analysis of vulnerability scanning results and make recommendations to owners.
    • Follow up on remediation status and report on progress with owners.
    • Maintain working knowledge of advanced cyber threat actor tactics, techniques, and procedures.
    • Perform research to identify and understand new threats to PJM’s applications and systems.
    • Activate the cyber security incident response team plan, when needed, and serve as the leader or as an active participant.
    • Provide leadership or support in the development of periodic cyber risk assessments.
    • Lead departmental projects, as assigned.
    • Produce evidence of activities in conformance with SSAE-16 and NERC CIP security controls.
    • Participate in the information security risk management team.
    • Participate in risk management workshops.
    • Understand and adhere to PJM’s security policies and procedures, as they pertain to PJM’s applications and infrastructure.
    • Represent security interests on project teams by ensuring security standards and requirements are defined as part of the deliverables.

    Characteristics and Qualifications

    Required

    • BS in Computer Science or Information Technology, or at least 5 years of experience with a focus on software design or in software design, development, and deployment
    • At least 4 years of experience with Java and .NET development or similar software development languages
    • Ability to collaborate, influence, and partner with business units on software development, systems design, and related security concepts
    • Ability to produce high-quality work products with attention to detail
    • Ability to communicate effectively in a team environment
    • Experience in quantitative and qualitative analysis
    • Experience using verbal and written communication skills
    • Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)


    Preferred

    • MBA, Business Administration
    • Experience with PJM operations, markets, and planning functions
    • Experience supporting any of PJM’s committees
    • Certified Information Systems Security Professional (CISSP) Upon Hire
    • Certified Ethical Hacker (CEH) Upon Hire
