L'Oreal IT Analyst, Application Security
Berkeley Heights (Union) Infra / Networks / Telecom
Job description
L'Oreal USA
Berkeley Heights, NJ
Role description
The Application Security Analyst is responsible for assisting the Application Security Manager in advising IT and business stakeholders on application security and controls, conducting testing, and providing solutions for secure application development.
The ideal candidate for this position can prove competency in secure application development strategies or application penetration testing with a deep understanding of methods and techniques to break and fix applications, and must have hands-on experience in at least two of these areas:
· Scaling security within the SDLC through automation, using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
· Performing security testing and providing remediation guidance for application vulnerabilities.
· Developing application security measures and controls that support risk assessments and the development of a secure application platform.
· Developing, testing and implementing advanced enterprise level application security standards, techniques and tools.
· Using application vulnerability assessment tools for static and dynamic code analysis.
· Conducting application security assessments and tests on web applications, cloud platforms, web services, and mobile applications.
· Identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE/SANS Top 25 dangerous programming errors.
· Network Penetration Testing
· Application Penetration Testing
· Utility development and scripting experience is a major plus.
Role Responsibilities
The key responsibilities of the role are as follows:
· Performs security testing and code review to improve software security.
· Investigates, identifies, validates, and drives remediation of security vulnerabilities, configuration issues, and flaws in application code.
· Performs focused risk assessments of existing or new applications, software and technologies to ensure the protection of the organization’s information assets and our customer information.
· Works closely with application development teams and vendors to provide security expertise on encryption, data masking, authentication, security specific code, and governance.
· Develops and deploys application security and risk management framework/tools.
· Communicates risk assessment findings to stakeholders.
· Identifies and implements appropriate application security controls to effectively eliminate and/or reduce application risks as needed.
· Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards.
· Educates developers on secure development and coding best practices.
· Partners with multiple teams across multiple locations with varying sets of priorities to ensure timely delivery of the secure application solution.
· Delivers with accountability on assigned tasks and project commitments.
Candidate Evaluation Criteria
Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:
· Must prove understanding of application design and common security vulnerabilities.
· A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
· Contribute to building enterprise application management, governance and compliance programs.
· Strong organization, prioritization, rationalization and analytics skills.
· An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
· A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business.
· A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge.
· An ability to communicate complex and technical issues to diverse audiences.
· Deep and thorough knowledge of advanced enterprise level application security standards, techniques and tools.
· Ability to assess code security vulnerabilities and implement security measures and mitigating controls.
Typical Education and Experience
· BS or higher degree in Computer Science, Information Security, or equivalent experience.
· 3+ years of professional experience in IT security engineering, software engineering, or a computer science-based field.
· 3+ years of hands-on development experience with technologies and standards such as HTML, C++, C#, JavaScript, jQuery, Python, PHP, SQL, JSON, and XML.
· Understanding of SSL/TLS, REST, SAML, and OAuth.
· Experience using DevOps tools such as Jira/Confluence, Jenkins, and cloud-based code sharing platforms (e.g., GitHub, Bitbucket, SourceForge, etc.).
· Working knowledge of eCommerce platforms such as Salesforce Commerce Cloud is a plus.
· Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.
· Experience with Agile/SCRUM and Classical (Waterfall) software development models, and thorough knowledge/understanding of enterprise SDLC process.
· Knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.
If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email USApplicationAccommodation@support.lorealusa.com. Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.
Date posted: 2019-05-27