Application Security Analyst
Location: Remote - US only
Job Type: Full time
Salary Range: $55,000 - $140,000
We’ve Got You Under Our Wing
We are the duck. We develop and empower our people, cultivate relationships, give back to our community, and celebrate every success along the way. We do it all…The Aflac Way.
Aflac, a Fortune 500 company, is an industry leader in voluntary insurance products that pay cash directly to policyholders and one of America's best-known brands. Aflac has been recognized as one of Fortune’s 50 Best Workplaces for Diversity and as one of the World’s Most Ethical Companies by Ethisphere.com.
Our business is about being there for people in need. So, ask yourself, are you the duck? If so, there’s a home, and a flourishing career for you at Aflac.
What does it take to be successful at Aflac?
- Acting with Integrity
- Communicating Effectively
- Pursuing Self-Development
- Serving Customers
- Supporting Change
- Supporting Organizational Goals
- Working with Diverse Populations
What will you be doing in this role?
- Proficient in Windows and *nix operating system administration and security
- Possess an understanding of various programming languages including C#, Python, PHP, ASP, ASP.NET and assembly language
- Understanding of common attacks against applications such as the SANS Top 25
- Able to maintain own tools and testing infrastructure
- Understanding of standard networking security controls such as IDS/IPS, WAF, proxies, and firewalls
- Networks (TCP/IP)
- Schematic Architecture Design
- Data Access and User Administration
- Data Security
- Application Security
- Network Security
- Security Risk Management
- Systems Security and User Administration
- Systems Security Maintenance
- Systems Security Policies and Procedures
- Systems Security Testing and Auditing
- Information Security Technology
- Server Hardware + O/S Management
Education & Experience Required
- Bachelor's Degree in Computer Science, Information Systems
- Four or more years of experience in application security
Or an equivalent combination of education and experience
Education & Experience Preferred
- Certification - Application security certifications such as OSCP, OSCE, GCIH, GPEN, GMOB, GWEB
Principal Duties & Responsibilities
- Conduct formal penetration tests on applications, networks, and systems in order to identify and provide remediation options for all vulnerabilities found; perform manual testing of applications at the lowest levels, not just interpret automated scan results; write scanning scripts and automate testing as often as possible
- Create formal written documentation of findings and recommendations to address vulnerabilities; assist development teams with writing patches for discovered vulnerabilities; assist security, server management, desktop, and application development teams with identifying and remediating vulnerabilities
- Read or create architecture diagrams and perform threat modeling with them; assist architecture and development teams with the creation of more secure systems
- Brief management and technical resources on new public exploits, internally discovered vulnerabilities and likely attacker tactics
- Consume and prioritize automated scan results; provide remediation guidance and help eliminate false positives
- Perform reverse engineering of compiled applications and source code review when it is available
- Utilize industry standard tools such as Kali Linux, Burp or Charles Proxy, Acunetix, DirBuster, Metasploit, sqlmap, IDA Pro, Immunity Debugger or OllyDbg
- Communicate with technical security and development resources as well as with non-technical executives and management
This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to: education, experience, licensure, certifications, geographic location, and internal equity. The range has been created in good faith based on information known to Aflac at the time of the posting. Compensation decisions are dependent on the circumstances of each case. This salary range does not include any potential incentive pay or benefits; however, such information will be provided separately when appropriate. The salary range for this position is $55,000 to $140,000.
In addition to the base salary, we offer an array of benefits to meet your needs including medical, dental, and vision coverage, prescription drug coverage, health care flexible spending, dependent care flexible spending, Aflac supplemental policies (Accident, Cancer, Critical Illness and Hospital Indemnity offered at no cost to the employee), 401(k) plans, annual bonuses, and an opportunity to purchase company stock. On an annual basis, you’ll also be offered 11 paid holidays, up to 20 days PTO to be used for any reason, and, if eligible, state mandated sick leave (Washington employees accrue 1 hour sick leave for every 40 hours worked) and other leaves of absence, if eligible, when needed to support your physical, financial, and emotional well-being. Aflac complies with all applicable leave laws, including, but not limited to sick and safe leave, and adoption and parental leave, in all states and localities.