Application Security Analyst
DescriptionCortevaAgriscience creates the world's most recognized and premium agriculturalsolutions to address the greatest challenges in agriculture. With a focus ontechnology, Corteva Agriscience creates seed and crop protection products thatincrease productivity and profit for farmers while reducing risks to theirbusiness. Every day our digital tools deliver insights our global partners needto thrive now and into the future. As the worlds first dedicatedagriculture start-up, were building a culture that stays curious, thinksdifferently, acts boldly and takes a stand on whats right for our customers,our co-workers, our partners and our planet. We know weve got big challengesto solve – we hope you'll be part of the solution. Whether you are in the labor on the farm, teaching classes or crafting code – we need bold thinkers andfearless doers to bring their best to the job at hand. Every role at CortevaAgriscience includes an opportunity to grow what matters. Role SummaryTheApplication Security Analyst is responsible for conducting vulnerabilityassessments on the organization's applications and working with applicationdevelopment and support teams to coordinate remediation. This role willreport to the Manager of Vulnerability Risk Management and will work closelywith the application development teams to assess applications in development aswell as in production. This individual will also need to work acrossseveral application vulnerability assessment capabilities and help applicationteams to adopt secure development best practices. The Application SecurityAnalyst will help define and drive the implementation of these capabilities andwork to integrate application security processes within the SDLC. Key Responsibilities& AccountabilitiesResponsibilitiesDeveloproadmap for application security through the assessment of the applicationportfolio for Dynamic Application Security Testing (DAST) and develop processesfor vulnerability identification, analysis and remediation coordination.Implementcapabilities to conduct Static Application Security Testing (SAST) and SoftwareComposition Analysis (SCA) and develop processes required to integrate into theSDLC.Partnerwith application development teams to determine and implement secure developmentpractices including training developers.Identify,prioritize, and determine remediation priorities with leadership and securityarchitecture according to impact to the information systems and its data.Utilizetools and techniques to vet false positives and work with application teams tonavigate risk acceptance where applicable.Workcollaboratively with security architects, application teams, Corteva Securityleadership and business owners to ensure the Corteva security governanceobjectives are met.Evaluateapplication security from similar companies and other industries to determinebest practices that should be considered for inclusion in Corteva applicationsecurity. AccountabilitiesMonitor application findings, remediation plans, recommendations,risk mitigation strategies, risk acceptance and milestones.Assistapplication development and support teams with remediation and/or identifyingmitigating controls that may be implemented.Prepare metrics and reporting dashboardsto enable appropriate governance of the application security program.QualificationsKey Competencies RequiredTechnical CompetenciesAbilityto identify, assesses and document the severity and potential impact ofvulnerabilities and communicate assessment findings to application teams/ownersin a way that consistently drives objective, fact-based decisions.Knowledgeand experience in application development, SDLC processes, web hosting andAPIs.Exposureto R&D environments desired.Leadership CompetenciesExperienceworking in or with Fortune 500 companies for at least three years in anapplication security role.Experiencewith developing application security processes, implementation of scanningsolutions and development of metrics and reporting.Experience& Education RequiredFiveor more years of broad and diverse information security experience withadvanced understanding of both technical and non-technical controls and theability to effectively apply this knowledge when performing assessments.Atleast three years of application security experience including workingknowledge of scanning solutions, exploit testing, navigating authenticationtechniques to enable authenticated scans, integration into SDLC and experienceworking with application teams to remediate application code.BachelorsDegree; Computer Science, Information Technology, Cybersecurity or relatedfields are highly desired but not required.Whilenot required, certifications such as CISSP or GIAC Application Securitycertifications are desired. *LA-MA1Apply for this job.