Application Security Analyst

Position Summary

The Application Security Analyst will administer our code testing platforms, analyze code testing results, interact with development teams to enforce and develop Samsung Ads secure software development lifecycle (SDLC). Candidates will possess strong technical analytical skills while providing accurate analysis of system vulnerabilities and risk-based remediations. They have a well–rounded risk management, web application development and linux systems.

The individual is user focused and works to resolve user needs in a timely manner.

● Perform vulnerability and code reviews, working with developers to get stack rolled out
● Find and resolve security vulnerabilities on a variety of platforms (SSP (supply-side platform)) using Java)
● Handle risk management operational activities
● Help design secure web application architecture and secure design principles
● Complete manual focused web application vulnerability assessments
● Collaborating with teams to identify opportunities and provide recommendations on how application security can be built into project development;
● Implementing strategy for application vulnerability reviews and remediations
● Advocate security and secure coding practices

Role and Responsibilities

• 10+ years of related experience in application security, penetration testing; and vulnerability management

• Strong English communication skills – written & documentation, verbal and speaking; French is an asset
• Minimum 8 year of experience with vulnerability management in Linux systems and web applications
• Minimum 8  year of experience with SAST, DAST and providing security requirements to developers
• Minimum 8  year of experience with threat modeling
• Coding or scripting skills in Python, Bash or any other programming language
• Experience and willingness to take the initiative and think proactively 

Nice to haves (assets)

• Bachelor’s degree in Computer Science or equivalent relevant experience in information security with relevant industry certifications
• 6+ year of general IT or web development experience
• Experience or knowledge of Java
• Experience with Web application Firewall (WAF) such as Akamai, Imperva or AWS WAF
• Knowledge of Kubernetes, Docker
• Security +, SSCP and other technical security certifications (e.g. Information Systems Security Architecture Professional, Information Security Engineering Professional, Certification and Accreditation Professional, or equivalent certifications)
• Knowledge or experience using ‘Slack’, ‘G-Suite’ and ‘AWS’ 
• Knowledge security best practices for AWS services : IAM, Cloud Trail, GuardDuty, S3, EC2.

Skills and Qualifications

* Please visit Samsung membership to see Privacy Policy, which defaults according to your location. You can change Country/Language at the bottom of the page. If you are European Economic Resident, please click here.