Lead Application Security Analyst
Cleveland, OH, United States
Sherwin-Williams
No matter where you are in the world or what surfaces you are painting or coating, Sherwin-Williams provides innovative paint solutions that ensure your success.- Acquire and interpret business requirements and functional specifications to create security non-functional requirements.
- Work with the security architects to validate potential architectures through techniques like threat modeling.
- Maintain knowledge of best security practices through training, research, involvement with local IT security groups, and collaboration with internal cybersecurity teams.
- Identify areas for improvement by recommending the use of reusable code libraries introduced in standard build/deploy pipelines.
- Assist development teams in updating the CMDB records to reflect current state.
- Validate that OS, middleware, and images are being scanned for vulnerabilities at regular intervals and any reported vulnerabilities are tied back to the appropriate application(s).
- Work with development and QA teams to ensure the use of secure coding practices and verification methods.
- Work with dev-ops teams and engineers to integrate security solutions into continuous delivery frameworks.
- Mitigate security risks associated with projects, which have a high technical complexity and/or involve significant challenges to the business.
- Work with delivery teams and product owners to reduce application security risks by assisting with code remediation before production delivery.
- Work with architects and developers to design optimal security practices when developing new application functionality.
- Support and maintain automated application security testing within the devops pipelines.
- Provide input in updating security standards on an annual basis.
Ensure that all applications are using effective security monitoring, and work with the endpoint security team to test configurations.
Incidental Functions- Deciding new technologies including tools, components, and frameworks.
- Project and task management and reporting as necessary.
- Make presentations to management, clients, and peer groups as requested.
- Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employment opportunity policy.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
This position has a hybrid work schedule with three days in the office and the option for working remotely two days.
Formal Education & Certification- Bachelor’s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.
- GIAC GWAPT, or CISSP certifications are a plus.
- 8+ years of total IT and/or cybersecurity experience
- Experience working on all phases of the Software Development Lifecycle.
- 3+ year(s) of experience in securing web services
- 3+ years of coding experience, preferably Java
- Detailed understanding of authentication/authorization best practices
- Working knowledge of oAuth 2.0 flows
- Understanding of integrating security practices with container-based deployments
- Understanding of web application firewall technology
- Mentoring software engineers in writing secure code.
- Strong analytical, conceptual, and problem-solving abilities.
- Good written and oral communication skills.
- Good presentation and interpersonal skills.
- Ability to present ideas in user-friendly language.
- Able to prioritize and execute tasks in a high-pressure environment.
- Ability to work in a team-oriented, collaborative environment.
- Strong commitment to inclusion and diversity
- Minimal travel is required.
- Work outside the standard office 7.5-hour workday may be required.
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security CISSP Compliance Computer Science DevOps Endpoint security Firewalls GIAC GWAPT Java Mathematics Monitoring SDLC Strategy Vulnerabilities
Perks/benefits: Career development Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs